{ "benchmark_version": "1.0", "timestamp": "2026-05-26T16:09:13Z", "scanner_version": "0.7.0", "scanner_config": { "analysis_mode": "Full", "taint_enabled": true, "ast_patterns_enabled": true, "state_analysis_enabled": true, "worker_threads": 1 }, "ground_truth_hash": "sha256:4ec1e5ec0d72129f458db49b8aab8579a03e704ed6fe6e67ef45038924868420", "corpus_size": 565, "cases_run": 564, "cases_skipped": 1, "outcomes": [ { "case_id": "c-buf-001", "file": "c/buffer_overflow/buffer_sprintf.c", "language": "c", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:19)" ], "unexpected_rule_ids": [ "c.memory.sprintf" ], "all_finding_ids": [ "c.memory.sprintf", "taint-unsanitised-flow (source 6:19)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-buf-002", "file": "c/buffer_overflow/buffer_strcpy.c", "language": "c", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:19)" ], "unexpected_rule_ids": [ "c.memory.strcpy" ], "all_finding_ids": [ "c.memory.strcpy", "taint-unsanitised-flow (source 5:19)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-buf-003", "file": "c/buffer_overflow/buffer_strcat.c", "language": "c", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:19)" ], "unexpected_rule_ids": [ "c.memory.strcat" ], "all_finding_ids": [ "c.memory.strcat", "taint-unsanitised-flow (source 5:19)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-buf-005", "file": "c/buffer_overflow/buffer_strcpy_user_arg.c", "language": "c", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.memory.strcpy" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.memory.strcpy" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-cmdi-001", "file": "c/cmdi/cmdi_system.c", "language": "c", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.cmdi.system", "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.cmdi.system", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-cmdi-002", "file": "c/cmdi/cmdi_popen.c", "language": "c", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.cmdi.popen", "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.cmdi.popen", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-cmdi-003", "file": "c/cmdi/cmdi_exec.c", "language": "c", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cfg-unguarded-sink" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cfg-unguarded-sink" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-cmdi-004", "file": "c/cmdi/cmdi_fgets.c", "language": "c", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.cmdi.system", "taint-unsanitised-flow (source 7:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.cmdi.system", "taint-unsanitised-flow (source 7:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-data_exfil-001", "file": "c/data_exfil/exfil_curl_postfields_env.c", "language": "c", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 9:19)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 9:19)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-fmt-001", "file": "c/fmt_string/fmt_printf.c", "language": "c", "vuln_class": "fmt_string", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [ "c.memory.printf_no_fmt" ], "all_finding_ids": [ "c.memory.printf_no_fmt", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-fmt-002", "file": "c/fmt_string/fmt_fprintf.c", "language": "c", "vuln_class": "fmt_string", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-path-001", "file": "c/path_traversal/path_traversal_fopen.c", "language": "c", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-path-002", "file": "c/path_traversal/path_traversal_open.c", "language": "c", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-safe-001", "file": "c/safe/safe_constant.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-002", "file": "c/safe/safe_sanitized_snprintf.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-003", "file": "c/safe/safe_atoi.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-004", "file": "c/safe/safe_reassigned.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-005", "file": "c/safe/safe_strncpy.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-006", "file": "c/safe/safe_validated.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-007", "file": "c/safe/safe_strtol.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-008", "file": "c/safe/safe_sanitize_func.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-014", "file": "c/safe/safe_direct_path_sanitizer.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-015", "file": "c/safe/safe_status_code_sanitizer.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-016", "file": "c/safe/safe_cross_function_dotdot.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-017", "file": "c/safe/safe_strcpy_literal_src.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-018", "file": "c/safe/safe_sprintf_bounded_format.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-data_exfil-001", "file": "c/safe/safe_data_exfil_user_input_echo.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-realrepo-019", "file": "c/safe/safe_struct_field_subbuffer_alloc.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-ssrf-001", "file": "c/ssrf/ssrf_curl.c", "language": "c", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 6:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-vuln-realrepo-019", "file": "c/safe/vuln_local_leak_no_field_assign.c", "language": "c", "vuln_class": "resource", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "state-resource-leak", "cfg-resource-leak" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak", "cfg-resource-leak" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-buf-001", "file": "cpp/buffer_overflow/buffer_sprintf.cpp", "language": "cpp", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:19)" ], "unexpected_rule_ids": [ "cpp.memory.sprintf" ], "all_finding_ids": [ "cpp.memory.sprintf", "taint-unsanitised-flow (source 6:19)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-buf-002", "file": "cpp/buffer_overflow/buffer_strcpy.cpp", "language": "cpp", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:19)" ], "unexpected_rule_ids": [ "cpp.memory.strcpy" ], "all_finding_ids": [ "cpp.memory.strcpy", "taint-unsanitised-flow (source 5:19)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-buf-003", "file": "cpp/buffer_overflow/buffer_reinterpret_cast_struct_alias.cpp", "language": "cpp", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cpp.memory.reinterpret_cast" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cpp.memory.reinterpret_cast" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-001", "file": "cpp/cmdi/cmdi_system.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cpp.cmdi.system", "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cpp.cmdi.system", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-002", "file": "cpp/cmdi/cmdi_popen.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cpp.cmdi.popen", "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cpp.cmdi.popen", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-003", "file": "cpp/cmdi/cmdi_getline.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cpp.cmdi.system", "taint-unsanitised-flow (source 8:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cpp.cmdi.system", "taint-unsanitised-flow (source 8:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-004", "file": "cpp/cmdi/cmdi_exec.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cfg-unguarded-sink" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cfg-unguarded-sink" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-005", "file": "cpp/cmdi/cmdi_stl_vector_string.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 16:23)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 16:23)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-006", "file": "cpp/cmdi/cmdi_lambda_passthrough.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 14:19)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 14:19)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-007", "file": "cpp/cmdi/cmdi_class_inline_method.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 25:19)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 25:19)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-fmt-001", "file": "cpp/fmt_string/fmt_printf.cpp", "language": "cpp", "vuln_class": "fmt_string", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [ "cpp.memory.printf_no_fmt" ], "all_finding_ids": [ "cpp.memory.printf_no_fmt", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-fmt-002", "file": "cpp/fmt_string/fmt_fprintf.cpp", "language": "cpp", "vuln_class": "fmt_string", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-path-001", "file": "cpp/path_traversal/path_traversal_fopen.cpp", "language": "cpp", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-path-002", "file": "cpp/path_traversal/path_traversal_open.cpp", "language": "cpp", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 6:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-001", "file": "cpp/safe/safe_constant.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-002", "file": "cpp/safe/safe_snprintf.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-003", "file": "cpp/safe/safe_stoi.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-004", "file": "cpp/safe/safe_reassigned.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-005", "file": "cpp/safe/safe_strncpy.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-006", "file": "cpp/safe/safe_validated.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-007", "file": "cpp/safe/safe_sanitize_func.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-008", "file": "cpp/safe/safe_strtol.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-014", "file": "cpp/safe/safe_direct_path_sanitizer.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-015", "file": "cpp/safe/safe_optional_path_sanitizer.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-016", "file": "cpp/safe/safe_cross_function_dotdot.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-017", "file": "cpp/safe/safe_stl_vector_int.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-018", "file": "cpp/safe/safe_builder_const_host.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-019", "file": "cpp/safe/safe_reinterpret_cast_byte_pointer.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-ssrf-001", "file": "cpp/ssrf/ssrf_curl.cpp", "language": "cpp", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 6:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-ssrf-002", "file": "cpp/ssrf/ssrf_connect.cpp", "language": "cpp", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 10:21)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 10:21)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-ssrf-003", "file": "cpp/ssrf/ssrf_builder_user_host.cpp", "language": "cpp", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 23:23)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 23:23)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-c-2016-3714-patched", "file": "cve_corpus/c/CVE-2016-3714/patched.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-c-2016-3714-vulnerable", "file": "cve_corpus/c/CVE-2016-3714/vulnerable.c", "language": "c", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.cmdi.system" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.cmdi.system" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-c-2017-1000117-patched", "file": "cve_corpus/c/CVE-2017-1000117/patched.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-c-2017-1000117-vulnerable", "file": "cve_corpus/c/CVE-2017-1000117/vulnerable.c", "language": "c", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 95:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 95:12)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-c-2019-18634-patched", "file": "cve_corpus/c/CVE-2019-18634/patched.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-c-2019-18634-vulnerable", "file": "cve_corpus/c/CVE-2019-18634/vulnerable.c", "language": "c", "vuln_class": "memory_safety", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.memory.strcpy" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.memory.strcpy" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-cpp-2019-13132-patched", "file": "cve_corpus/cpp/CVE-2019-13132/patched.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-cpp-2019-13132-vulnerable", "file": "cve_corpus/cpp/CVE-2019-13132/vulnerable.cpp", "language": "cpp", "vuln_class": "memory_safety", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cpp.memory.strcpy" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cpp.memory.strcpy" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-cpp-2022-1941-patched", "file": "cve_corpus/cpp/CVE-2022-1941/patched.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-cpp-2022-1941-vulnerable", "file": "cve_corpus/cpp/CVE-2022-1941/vulnerable.cpp", "language": "cpp", "vuln_class": "memory_safety", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cpp.memory.strcpy" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cpp.memory.strcpy" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-go-2022-30323-patched", "file": "cve_corpus/go/CVE-2022-30323/patched.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-go-2022-30323-vulnerable", "file": "cve_corpus/go/CVE-2022-30323/vulnerable.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "taint-unsanitised-flow (source 30:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "taint-unsanitised-flow (source 30:9)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-go-2023-3188-patched", "file": "cve_corpus/go/CVE-2023-3188/patched.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-go-2023-3188-vulnerable", "file": "cve_corpus/go/CVE-2023-3188/vulnerable.go", "language": "go", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 84:13)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 84:13)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-go-2024-31450-patched", "file": "cve_corpus/go/CVE-2024-31450/patched.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-go-2024-31450-vulnerable", "file": "cve_corpus/go/CVE-2024-31450/vulnerable.go", "language": "go", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 62:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 62:11)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-go-2026-41422-patched", "file": "cve_corpus/go/CVE-2026-41422/patched.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-go-2026-41422-vulnerable", "file": "cve_corpus/go/CVE-2026-41422/vulnerable.go", "language": "go", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 35:22)", "taint-unsanitised-flow (source 35:22)", "taint-unsanitised-flow (source 35:22)", "taint-unsanitised-flow (source 35:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 35:22)", "taint-unsanitised-flow (source 35:22)", "taint-unsanitised-flow (source 35:22)", "taint-unsanitised-flow (source 35:22)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "cve-java-2015-7501-patched", "file": "cve_corpus/java/CVE-2015-7501/patched.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-java-2015-7501-vulnerable", "file": "cve_corpus/java/CVE-2015-7501/vulnerable.java", "language": "java", "vuln_class": "deserialization", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 34:54)" ], "unexpected_rule_ids": [ "java.xss.getwriter_print" ], "all_finding_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 34:54)", "java.xss.getwriter_print" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "cve-java-2017-12629-patched", "file": "cve_corpus/java/CVE-2017-12629/patched.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-java-2017-12629-vulnerable", "file": "cve_corpus/java/CVE-2017-12629/vulnerable.java", "language": "java", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 29:21)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 29:21)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-java-2022-1471-patched", "file": "cve_corpus/java/CVE-2022-1471/patched.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-java-2022-1471-vulnerable", "file": "cve_corpus/java/CVE-2022-1471/vulnerable.java", "language": "java", "vuln_class": "deserialization", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.deser.snakeyaml_unsafe_constructor" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.deser.snakeyaml_unsafe_constructor" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-java-2022-42889-patched", "file": "cve_corpus/java/CVE-2022-42889/patched.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-java-2022-42889-vulnerable", "file": "cve_corpus/java/CVE-2022-42889/vulnerable.java", "language": "java", "vuln_class": "code_exec", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.code_exec.text4shell_interpolator" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.code_exec.text4shell_interpolator" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-java-ghsa-h8cj-hpmg-636v-patched", "file": "cve_corpus/java/GHSA-h8cj-hpmg-636v/patched.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-java-ghsa-h8cj-hpmg-636v-vulnerable", "file": "cve_corpus/java/GHSA-h8cj-hpmg-636v/vulnerable.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 43:28)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 43:28)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-js-2019-14939-patched", "file": "cve_corpus/javascript/CVE-2019-14939/patched.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-js-2019-14939-vulnerable", "file": "cve_corpus/javascript/CVE-2019-14939/vulnerable.js", "language": "javascript", "vuln_class": "code_exec", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 24:5)", "taint-unsanitised-flow (source 24:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 24:5)", "taint-unsanitised-flow (source 24:5)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "cve-js-2023-22621-patched", "file": "cve_corpus/javascript/CVE-2023-22621/patched.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-js-2023-22621-vulnerable", "file": "cve_corpus/javascript/CVE-2023-22621/vulnerable.js", "language": "javascript", "vuln_class": "code_exec", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 46:26)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 46:26)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-js-2025-64430-patched", "file": "cve_corpus/javascript/CVE-2025-64430/patched.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-js-2025-64430-vulnerable", "file": "cve_corpus/javascript/CVE-2025-64430/vulnerable.js", "language": "javascript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 52:30)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 52:30)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-js-2026-42353-patched", "file": "cve_corpus/javascript/CVE-2026-42353/patched.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-js-2026-42353-vulnerable", "file": "cve_corpus/javascript/CVE-2026-42353/vulnerable.js", "language": "javascript", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 44:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 44:9)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-php-2017-9841-patched", "file": "cve_corpus/php/CVE-2017-9841/patched.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-php-2017-9841-vulnerable", "file": "cve_corpus/php/CVE-2017-9841/vulnerable.php", "language": "php", "vuln_class": "code_exec", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.code_exec.eval", "taint-unsanitised-flow (source 21:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.code_exec.eval", "taint-unsanitised-flow (source 21:9)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-php-2018-15133-patched", "file": "cve_corpus/php/CVE-2018-15133/patched.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-php-2018-15133-vulnerable", "file": "cve_corpus/php/CVE-2018-15133/vulnerable.php", "language": "php", "vuln_class": "deserialization", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 24:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 24:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-php-2026-33486-patched", "file": "cve_corpus/php/CVE-2026-33486/patched.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-php-2026-33486-vulnerable", "file": "cve_corpus/php/CVE-2026-33486/vulnerable.php", "language": "php", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 40:9)" ], "unexpected_rule_ids": [ "state-resource-leak" ], "all_finding_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 40:9)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-py-2017-18342-patched", "file": "cve_corpus/python/CVE-2017-18342/patched.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-py-2017-18342-vulnerable", "file": "cve_corpus/python/CVE-2017-18342/vulnerable.py", "language": "python", "vuln_class": "deserialization", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.deser.yaml_load", "taint-unsanitised-flow (source 26:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.deser.yaml_load", "taint-unsanitised-flow (source 26:11)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-py-2023-48022-patched", "file": "cve_corpus/python/CVE-2023-48022/patched.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-py-2023-48022-vulnerable", "file": "cve_corpus/python/CVE-2023-48022/vulnerable.py", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 26:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 26:12)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-py-2023-6568-patched", "file": "cve_corpus/python/CVE-2023-6568/patched.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-py-2023-6568-vulnerable", "file": "cve_corpus/python/CVE-2023-6568/vulnerable.py", "language": "python", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.xss.make_response_format", "taint-unsanitised-flow (source 41:20)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.xss.make_response_format", "taint-unsanitised-flow (source 41:20)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-py-2024-21513-patched", "file": "cve_corpus/python/CVE-2024-21513/patched.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-py-2024-21513-vulnerable", "file": "cve_corpus/python/CVE-2024-21513/vulnerable.py", "language": "python", "vuln_class": "code_exec", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.code_exec.eval" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.code_exec.eval" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-py-2024-23334-patched", "file": "cve_corpus/python/CVE-2024-23334/patched.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-py-2024-23334-vulnerable", "file": "cve_corpus/python/CVE-2024-23334/vulnerable.py", "language": "python", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 45:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 45:9)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-py-2025-69662-patched", "file": "cve_corpus/python/CVE-2025-69662/patched.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-py-2025-69662-vulnerable", "file": "cve_corpus/python/CVE-2025-69662/vulnerable.py", "language": "python", "vuln_class": "sql_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 35:12)", "py.sqli.text_format" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 35:12)", "py.sqli.text_format" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-py-2026-33626-patched", "file": "cve_corpus/python/CVE-2026-33626/patched.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-py-2026-33626-vulnerable", "file": "cve_corpus/python/CVE-2026-33626/vulnerable.py", "language": "python", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 43:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 43:12)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2013-0156-patched", "file": "cve_corpus/ruby/CVE-2013-0156/patched.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2013-0156-vulnerable", "file": "cve_corpus/ruby/CVE-2013-0156/vulnerable.rb", "language": "ruby", "vuln_class": "deserialization", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.deser.yaml_load" ], "unexpected_rule_ids": [ "cfg-unguarded-sink" ], "all_finding_ids": [ "cfg-unguarded-sink", "rb.deser.yaml_load" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2020-8130-patched", "file": "cve_corpus/ruby/CVE-2020-8130/patched.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2020-8130-vulnerable", "file": "cve_corpus/ruby/CVE-2020-8130/vulnerable.rb", "language": "ruby", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 37:16)", "taint-unsanitised-flow (source 44:7)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 37:16)", "taint-unsanitised-flow (source 44:7)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2021-21288-patched", "file": "cve_corpus/ruby/CVE-2021-21288/patched.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2021-21288-vulnerable", "file": "cve_corpus/ruby/CVE-2021-21288/vulnerable.rb", "language": "ruby", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 64:29)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 64:29)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2023-38337-patched", "file": "cve_corpus/ruby/CVE-2023-38337/patched.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2023-38337-vulnerable", "file": "cve_corpus/ruby/CVE-2023-38337/vulnerable.rb", "language": "ruby", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 54:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 54:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-rs-2018-20997-patched", "file": "cve_corpus/rust/CVE-2018-20997/patched.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "cve-rs-2018-20997-vulnerable", "file": "cve_corpus/rust/CVE-2018-20997/vulnerable.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 27:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 27:22)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "cve-rs-2022-36113-patched", "file": "cve_corpus/rust/CVE-2022-36113/patched.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "cve-rs-2022-36113-vulnerable", "file": "cve_corpus/rust/CVE-2022-36113/vulnerable.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 29:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 29:22)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "cve-rs-2023-42456-patched", "file": "cve_corpus/rust/CVE-2023-42456/patched.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "cve-rs-2023-42456-vulnerable", "file": "cve_corpus/rust/CVE-2023-42456/vulnerable.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 42:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 42:16)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "cve-rs-2024-24576-patched", "file": "cve_corpus/rust/CVE-2024-24576/patched.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "cve-rs-2024-24576-vulnerable", "file": "cve_corpus/rust/CVE-2024-24576/vulnerable.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 27:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 27:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "cve-rs-2024-32884-patched", "file": "cve_corpus/rust/CVE-2024-32884/patched.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "rs.quality.expect" ], "security_finding_count": 0, "non_security_finding_count": 3 }, { "case_id": "cve-rs-2024-32884-vulnerable", "file": "cve_corpus/rust/CVE-2024-32884/vulnerable.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 64:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "rs.quality.expect", "taint-unsanitised-flow (source 64:15)" ], "security_finding_count": 1, "non_security_finding_count": 3 }, { "case_id": "cve-rs-2025-53549-patched", "file": "cve_corpus/rust/CVE-2025-53549/patched.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "cve-rs-2025-53549-vulnerable", "file": "cve_corpus/rust/CVE-2025-53549/vulnerable.rs", "language": "rust", "vuln_class": "sql_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 64:36)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 64:36)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "cve-ts-2023-26159-patched", "file": "cve_corpus/typescript/CVE-2023-26159/patched.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-ts-2023-26159-vulnerable", "file": "cve_corpus/typescript/CVE-2023-26159/vulnerable.ts", "language": "typescript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 28:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 28:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-ts-2026-25544-patched", "file": "cve_corpus/typescript/CVE-2026-25544/patched.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-ts-2026-25544-vulnerable", "file": "cve_corpus/typescript/CVE-2026-25544/vulnerable.ts", "language": "typescript", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 73:5)", "taint-unsanitised-flow (source 73:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 73:5)", "taint-unsanitised-flow (source 73:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-ts-ghsa-4x48-cgf9-q33f-patched", "file": "cve_corpus/typescript/GHSA-4x48-cgf9-q33f/patched.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-ts-ghsa-4x48-cgf9-q33f-vulnerable", "file": "cve_corpus/typescript/GHSA-4x48-cgf9-q33f/vulnerable.ts", "language": "typescript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 50:5)", "taint-unsanitised-flow (source 50:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 50:5)", "taint-unsanitised-flow (source 50:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-auth-realrepo-001", "file": "go/auth/vuln_repo_findbyid_no_auth.go", "language": "go", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "go.auth.missing_ownership_check", "go.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.auth.missing_ownership_check", "go.auth.missing_ownership_check" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-auth-realrepo-002", "file": "go/auth/vuln_apicontext_findbyid.go", "language": "go", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "go.auth.missing_ownership_check", "go.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.auth.missing_ownership_check", "go.auth.missing_ownership_check" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-001", "file": "go/cmdi/cmdi_direct.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:9)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-002", "file": "go/cmdi/cmdi_indirect.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-003", "file": "go/cmdi_env/cmdi_env.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "taint-unsanitised-flow (source 9:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "taint-unsanitised-flow (source 9:9)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-004", "file": "go/cmdi/cmdi_unvalidated_queue_element.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 13:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 13:22)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-cross-001", "file": "go/cmdi/cross_source/", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:9)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-realrepo-001", "file": "go/cmdi/vuln_error_log_then_sink.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cfg-error-fallthrough", "go.sqli.query_concat" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cfg-error-fallthrough", "go.sqli.query_concat" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-data_exfil-001", "file": "go/data_exfil/exfil_http_post_cookie_body.go", "language": "go", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 11:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 11:10)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-fmt_string-001", "file": "go/fmt_string/fmt_injection.go", "language": "go", "vuln_class": "fmt_string", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:9)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-interproc-001", "file": "go/interprocedural/interproc_taint_propagation.go", "language": "go", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 13:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 13:12)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-interproc-safe-001", "file": "go/interprocedural/interproc_sanitizer_wrap.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-path-002", "file": "go/path_traversal/path_traversal_remove.go", "language": "go", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 17:10)" ], "unexpected_rule_ids": [ "state-unauthed-access" ], "all_finding_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 17:10)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-path-003", "file": "go/path_traversal/path_traversal_ifinit.go", "language": "go", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 27:13)" ], "unexpected_rule_ids": [ "state-unauthed-access" ], "all_finding_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 27:13)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-path-safe-002", "file": "go/path_traversal/safe_path_traversal_remove.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-path-safe-003", "file": "go/path_traversal/safe_path_traversal_ifinit.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-path_traversal-001", "file": "go/path_traversal/path_traversal.go", "language": "go", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-path_traversal-cross-001", "file": "go/path_traversal/cross_sanitizer/", "language": "go", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-pathprune-safe-001", "file": "go/path_pruning/safe_early_return.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-001", "file": "go/safe/safe_constant.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-002", "file": "go/safe/safe_dominated.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-003", "file": "go/safe/safe_interprocedural.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-004", "file": "go/safe/safe_non_security_sink.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-005", "file": "go/safe/safe_reassigned.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-006", "file": "go/safe/safe_sanitized.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-007", "file": "go/safe/safe_type_check.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-008", "file": "go/safe/safe_validated.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-009", "file": "go/safe/safe_validated_queue_element.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-014", "file": "go/safe/safe_direct_path_sanitizer.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-015", "file": "go/safe/safe_tuple_path_sanitizer.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-016", "file": "go/safe/safe_cross_function_dotdot.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-atoi-001", "file": "go/safe/safe_strconv_atoi.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-data_exfil-001", "file": "go/safe/safe_data_exfil_user_input_echo.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-fieldproj-phase3", "file": "go/safe/safe_chained_receiver_field_proj.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-001", "file": "go/safe/safe_error_log_only_function.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-002", "file": "go/safe/safe_method_receiver_mutex.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-003", "file": "go/safe/safe_const_bound_id.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-004", "file": "go/safe/safe_chained_call_response_header.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-005", "file": "go/safe/safe_self_method_receiver.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-006", "file": "go/safe/safe_test_helper_fatal.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-016", "file": "go/safe/safe_inner_call_close_in_arg.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-017", "file": "go/safe/safe_struct_field_resource_owned_by_struct.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-018", "file": "go/safe/safe_ctx_context_helper.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-019", "file": "go/safe/safe_dao_helper_id_scalar.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-sqli-001", "file": "go/sqli/sqli_concat.go", "language": "go", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "go.sqli.query_concat", "taint-unsanitised-flow (source 9:8)" ], "unexpected_rule_ids": [ "go.auth.missing_ownership_check" ], "all_finding_ids": [ "state-resource-leak", "go.auth.missing_ownership_check", "go.sqli.query_concat", "taint-unsanitised-flow (source 9:8)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "go-sqli-002", "file": "go/sqli/sqli_sprintf.go", "language": "go", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 10:8)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 10:8)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-sqli-003", "file": "go/sqli/sqli_queryrow.go", "language": "go", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "go.sqli.query_concat", "taint-unsanitised-flow (source 9:8)" ], "unexpected_rule_ids": [ "go.auth.missing_ownership_check" ], "all_finding_ids": [ "state-resource-leak", "go.auth.missing_ownership_check", "go.sqli.query_concat", "taint-unsanitised-flow (source 9:8)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "go-sqli-004", "file": "go/sqli/sqli_for_range.go", "language": "go", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 15:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 15:10)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-sqli-safe-001", "file": "go/safe/safe_sqli_for_range_allowlist.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-ssrf-001", "file": "go/ssrf/ssrf_http_get.go", "language": "go", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:9)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-ssrf-002", "file": "go/ssrf/ssrf_new_request.go", "language": "go", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:9)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-ssrf-004", "file": "go/ssrf/ssrf_default_client_get.go", "language": "go", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 12:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 12:9)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-ssrf-safe-001", "file": "go/ssrf/safe_ssrf_hardcoded.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-ssrf-safe-002", "file": "go/ssrf/safe_ssrf_default_client_get.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-vuln-realrepo-018", "file": "go/safe/vuln_resource_leak_no_close.go", "language": "go", "vuln_class": "resource", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "state-resource-leak", "cfg-resource-leak" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak", "cfg-resource-leak" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-xss-001", "file": "go/xss/xss_fprintf.go", "language": "go", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:10)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-xss-002", "file": "go/xss/xss_template_html.go", "language": "go", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:11)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-xss-gin-001", "file": "go/xss/xss_gin_source.go", "language": "go", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:10)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "java-cmdi-001", "file": "java/cmdi/CmdiDirect.java", "language": "java", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 5:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 5:22)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-cmdi-002", "file": "java/cmdi/CmdiIndirect.java", "language": "java", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 5:23)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 5:23)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-code_injection-001", "file": "java/code_injection/CodeInjection.java", "language": "java", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.reflection.class_forname", "taint-unsanitised-flow (source 5:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.reflection.class_forname", "taint-unsanitised-flow (source 5:22)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-data_exfil-001", "file": "java/data_exfil/DataExfilJdkHttpClient.java", "language": "java", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 14:28)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 14:28)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "java-data_exfil-002", "file": "java/data_exfil/DataExfilOkHttp.java", "language": "java", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 14:33)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 14:33)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "java-deser-001", "file": "java/deser/DeserOis.java", "language": "java", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 6:55)", "taint-unsanitised-flow (source 6:55)" ], "unexpected_rule_ids": [ "java.xss.getwriter_print" ], "all_finding_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 6:55)", "java.xss.getwriter_print", "taint-unsanitised-flow (source 6:55)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "java-deser-002", "file": "java/deser/DeserSource.java", "language": "java", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 6:55)", "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 6:55)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 6:55)", "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 6:55)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "java-interproc-001", "file": "java/interprocedural/InterprocTaintPropagation.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:25)" ], "unexpected_rule_ids": [ "cfg-resource-leak" ], "all_finding_ids": [ "cfg-resource-leak", "taint-unsanitised-flow (source 9:25)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-interproc-safe-001", "file": "java/interprocedural/InterprocSanitizerWrap.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-path_traversal-001", "file": "java/path_traversal/PathTraversal.java", "language": "java", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 6:23)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 6:23)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-preauth-001", "file": "java/auth/SafePreAuthorize.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-preauth-vuln-001", "file": "java/auth/VulnNoPreAuthorize.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 11:23)" ], "unexpected_rule_ids": [ "java.xss.getwriter_print" ], "all_finding_ids": [ "java.xss.getwriter_print", "taint-unsanitised-flow (source 11:23)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-safe-001", "file": "java/safe/SafeConstant.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-002", "file": "java/safe/SafeDominated.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-003", "file": "java/safe/SafeInterprocedural.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-004", "file": "java/safe/SafeNonSecuritySink.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-005", "file": "java/safe/SafeReassigned.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-006", "file": "java/safe/SafeSanitized.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-007", "file": "java/safe/SafeTypeCheck.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-008", "file": "java/safe/SafeValidated.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-014", "file": "java/safe/SafeDirectPathSanitizer.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-015", "file": "java/safe/SafeOptionalPathSanitizer.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-016", "file": "java/safe/SafeCrossFunctionDotdot.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-prepared-001", "file": "java/safe/safe_prepared_statement.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-realrepo-001", "file": "java/safe/SafeLoggerIsEnabled.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-realrepo-keycloak-001", "file": "java/safe/SafeJpaParameterizedExecute.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-realrepo-openmrs-001", "file": "java/safe/SafeJpaCriteriaQuery.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-stmt-execute-validated", "file": "java/safe/safe_statement_execute_pattern_validated.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-sqli-001", "file": "java/sqli/SqliConcat.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "java.sqli.execute_concat", "taint-unsanitised-flow (source 6:21)" ], "unexpected_rule_ids": [ "cfg-resource-leak" ], "all_finding_ids": [ "state-resource-leak", "cfg-resource-leak", "java.sqli.execute_concat", "taint-unsanitised-flow (source 6:21)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "java-sqli-002", "file": "java/sqli/SqliFormat.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 6:21)" ], "unexpected_rule_ids": [ "cfg-resource-leak" ], "all_finding_ids": [ "state-resource-leak", "cfg-resource-leak", "taint-unsanitised-flow (source 6:21)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "java-sqli-realrepo-keycloak-001", "file": "java/sqli/SqliJpaCreateQueryConcat.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "FN", "outcome_rule_level": "FN", "outcome_location_level": "FN", "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-sqli-stmt-001", "file": "java/sqli/sqli_statement_vs_prepared.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "state-resource-leak", "taint-unsanitised-flow (source 7:21)", "taint-unsanitised-flow (source 7:21)" ], "unexpected_rule_ids": [ "java.sqli.execute_concat", "java.xss.getwriter_print" ], "all_finding_ids": [ "state-resource-leak", "java.sqli.execute_concat", "state-resource-leak", "taint-unsanitised-flow (source 7:21)", "java.xss.getwriter_print", "taint-unsanitised-flow (source 7:21)" ], "security_finding_count": 6, "non_security_finding_count": 0 }, { "case_id": "java-sqli-stmt-execute-002", "file": "java/sqli/sqli_statement_execute_chained.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 25:28)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 25:28)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "java-ssrf-001", "file": "java/ssrf/SsrfRequest.java", "language": "java", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 7:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 7:22)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-ssrf-002", "file": "java/ssrf/SsrfHttpClient.java", "language": "java", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:22)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "java-xss-001", "file": "java/xss/XssReflected.java", "language": "java", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:23)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 6:23)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-allowlist-dispatch-001", "file": "javascript/safe/safe_switch_dispatch.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-auth-realrepo-001", "file": "javascript/auth/safe_req_user_id_copy.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-cmdi-001", "file": "javascript/cmdi/cmdi_direct.js", "language": "javascript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-cmdi-002", "file": "javascript/cmdi/cmdi_indirect.js", "language": "javascript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-code_injection-001", "file": "javascript/code_injection/code_injection.js", "language": "javascript", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)", "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "js-code_injection-002", "file": "javascript/code_injection/code_injection_indirect.js", "language": "javascript", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [ "js.code_exec.new_function" ], "all_finding_ids": [ "js.code_exec.new_function", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-data_exfil-001", "file": "javascript/data_exfil/exfil_fetch_cookie_body.js", "language": "javascript", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-data_exfil-002", "file": "javascript/data_exfil/exfil_fetch_external_destination.js", "language": "javascript", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-data_exfil-003", "file": "javascript/data_exfil/exfil_xhr_send_header.js", "language": "javascript", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-destructure-sanitize-001", "file": "javascript/safe/safe_object_destructure_sanitize.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-destructure-vuln-001", "file": "javascript/xss/vuln_object_destructure_no_sanitize.js", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:21)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:21)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-interproc-001", "file": "javascript/interprocedural/interproc_taint_propagation.js", "language": "javascript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 10:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 10:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-interproc-safe-001", "file": "javascript/interprocedural/interproc_sanitizer_wrap.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-path_traversal-001", "file": "javascript/path_traversal/path_traversal.js", "language": "javascript", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-path_traversal-ternary-source-001", "file": "javascript/path_traversal/path_traversal_ternary_source.js", "language": "javascript", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 15:29)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 15:29)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-pathprune-safe-001", "file": "javascript/path_pruning/safe_early_return.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-001", "file": "javascript/safe/safe_constant.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-002", "file": "javascript/safe/safe_dominated.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-003", "file": "javascript/safe/safe_interprocedural.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-004", "file": "javascript/safe/safe_non_security_sink.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-005", "file": "javascript/safe/safe_reassigned.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-006", "file": "javascript/safe/safe_sanitized.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-007", "file": "javascript/safe/safe_type_check.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-008", "file": "javascript/safe/safe_validated.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-014", "file": "javascript/safe/safe_direct_path_sanitizer.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-015", "file": "javascript/safe/safe_null_path_sanitizer.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-016", "file": "javascript/safe/safe_cross_function_dotdot.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-021", "file": "javascript/safe/safe_canonicalise_rooted_startsWith.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-022", "file": "javascript/safe/safe_env_empty_fallback.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-data_exfil-001", "file": "javascript/safe/safe_data_exfil_sanitizer_wrap.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-data_exfil-002", "file": "javascript/safe/safe_data_exfil_user_input_echo.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-jest-callback-001", "file": "javascript/safe/safe_jest_test_callback_no_handler.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-parseInt-001", "file": "javascript/safe/safe_parseInt.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-realrepo-001", "file": "javascript/safe/safe_dom_globals_and_methods.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-realrepo-002", "file": "javascript/safe/safe_happy_path_error_check.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-realrepo-006", "file": "javascript/safe/safe_localised_gherkin_regex.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-ternary-const-branches", "file": "javascript/safe/safe_ternary_const_branches.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-sqli-001", "file": "javascript/sqli/sqli_concat.js", "language": "javascript", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-sqli-002", "file": "javascript/sqli/sqli_template.js", "language": "javascript", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-ssrf-001", "file": "javascript/ssrf/ssrf_fetch.js", "language": "javascript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-ssrf-002", "file": "javascript/ssrf/ssrf_axios.js", "language": "javascript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-ssrf-003", "file": "javascript/ssrf/ssrf_http_get_chained.js", "language": "javascript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cfg-unguarded-sink" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cfg-unguarded-sink" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-ssrf-safe-001", "file": "javascript/ssrf/safe_ssrf_hardcoded.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-ssrf-safe-002", "file": "javascript/ssrf/safe_http_get_hardcoded_chained.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-xss-001", "file": "javascript/xss/xss_reflected.js", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-xss-002", "file": "javascript/xss/xss_document_write.js", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.xss.document_write", "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.xss.document_write", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-xss-003", "file": "javascript/xss/xss_location.js", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.xss.location_assign", "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.xss.location_assign", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-xss-cross-001", "file": "javascript/xss/cross_propagation/", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.xss.document_write", "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.xss.document_write", "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-xss-react-001", "file": "javascript/xss/xss_react_dangerously.js", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-cmdi-001", "file": "php/cmdi/cmdi_direct.php", "language": "php", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.cmdi.system", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.cmdi.system", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-cmdi-002", "file": "php/cmdi/cmdi_indirect.php", "language": "php", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.cmdi.system", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.cmdi.system", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-code_injection-001", "file": "php/code_injection/code_injection.php", "language": "php", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.code_exec.eval", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.code_exec.eval", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-code_injection-002", "file": "php/code_injection/code_injection_assert.php", "language": "php", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-crypto-001", "file": "php/crypto/crypto_md5_password_hash.php", "language": "php", "vuln_class": "crypto", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "php.crypto.md5", "php.crypto.sha1", "php.crypto.sha1", "php.crypto.md5", "php.crypto.sha1" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.crypto.md5", "php.crypto.sha1", "php.crypto.sha1", "php.crypto.md5", "php.crypto.sha1" ], "security_finding_count": 5, "non_security_finding_count": 0 }, { "case_id": "php-deser-001", "file": "php/deser/deser_unserialize.php", "language": "php", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 2:1)", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 2:1)", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "php-deser-002", "file": "php/deser/deser_unserialize_allowed_true.php", "language": "php", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 7:1)", "taint-unsanitised-flow (source 7:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 7:1)", "taint-unsanitised-flow (source 7:1)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "php-deser-003", "file": "php/deser/deser_unserialize_method_named_unserialize_with_user_input.php", "language": "php", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 13:38)", "php.deser.unserialize" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 13:38)", "php.deser.unserialize" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "php-interproc-001", "file": "php/interprocedural/interproc_taint_propagation.php", "language": "php", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-interproc-safe-001", "file": "php/interprocedural/interproc_sanitizer_wrap.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-isgranted-001", "file": "php/auth/safe_isgranted.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-isgranted-vuln-001", "file": "php/auth/vuln_no_isgranted.php", "language": "php", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 6:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-path_traversal-001", "file": "php/path_traversal/path_traversal.php", "language": "php", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-path_traversal-002", "file": "php/path_traversal/path_traversal_copy.php", "language": "php", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-path_traversal-003", "file": "php/path_traversal/path_traversal_concat.php", "language": "php", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.path.include_variable" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.path.include_variable" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-safe-001", "file": "php/safe/safe_constant.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-002", "file": "php/safe/safe_dominated.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-003", "file": "php/safe/safe_interprocedural.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-004", "file": "php/safe/safe_non_security_sink.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-005", "file": "php/safe/safe_reassigned.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-006", "file": "php/safe/safe_sanitized.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-007", "file": "php/safe/safe_type_check.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-008", "file": "php/safe/safe_validated.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-014", "file": "php/safe/safe_direct_path_sanitizer.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-015", "file": "php/safe/safe_nullable_path_sanitizer.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-016", "file": "php/safe/safe_cross_function_dotdot.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-017", "file": "php/safe/safe_unserialize_allowed_classes.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-018", "file": "php/safe/safe_include_param_passthrough.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-019", "file": "php/safe/safe_md5_sha1_non_crypto_use.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-020", "file": "php/safe/safe_serializable_magic_method_unserialize.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-camelcase-validator-001", "file": "php/safe/safe_camelcase_validator_negated.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-filter-001", "file": "php/safe/safe_filter_input.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-sqli-001", "file": "php/sqli/sqli_concat.php", "language": "php", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-sqli-002", "file": "php/sqli/sqli_sprintf.php", "language": "php", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-sqli-pdo-001", "file": "php/sqli/sqli_pdo_raw.php", "language": "php", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-ssrf-001", "file": "php/ssrf/ssrf_curl.php", "language": "php", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-ssrf-002", "file": "php/ssrf/ssrf_class_method_fopen.php", "language": "php", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 14:9)" ], "unexpected_rule_ids": [ "cfg-resource-leak" ], "all_finding_ids": [ "cfg-resource-leak", "taint-unsanitised-flow (source 14:9)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-ssrf-safe-001", "file": "php/ssrf/safe_ssrf_hardcoded.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-xss-001", "file": "php/xss/xss_reflected.php", "language": "php", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-auth-decorator-001", "file": "python/safe/safe_login_required_decorator.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-decorator-vuln-001", "file": "python/auth/vuln_no_auth_decorator.py", "language": "python", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cfg-auth-gap" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cfg-auth-gap" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-001", "file": "python/safe/safe_django_migration_token.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-002", "file": "python/safe/safe_pytest_conftest_marker.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-003", "file": "python/safe/safe_celery_task_no_user_input.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-004", "file": "python/auth/vuln_token_override_django_handler.py", "language": "python", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.auth.token_override_without_validation" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.auth.token_override_without_validation" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-005", "file": "python/safe/safe_fastapi_route_dependencies_auth.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-006", "file": "python/safe/safe_pytest_sqlalchemy_session.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-007", "file": "python/safe/safe_fastapi_route_level_row_fetch.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-007", "file": "python/auth/vuln_fastapi_route_no_dependencies.py", "language": "python", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-008", "file": "python/safe/safe_django_orm_caller_scoped_entity.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-009", "file": "python/auth/vuln_user_id_param_no_auth.py", "language": "python", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.auth.missing_ownership_check", "py.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.auth.missing_ownership_check", "py.auth.missing_ownership_check" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-010", "file": "python/safe/safe_mock_patch_test_method.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-011", "file": "python/safe/safe_bare_callee_no_receiver.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-012", "file": "python/safe/safe_local_set_update_no_orm.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-013", "file": "python/auth/vuln_local_set_with_user_id_query.py", "language": "python", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.auth.missing_ownership_check", "py.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.auth.missing_ownership_check", "py.auth.missing_ownership_check" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-014", "file": "python/auth/vuln_fastapi_route_no_dependencies_sqla.py", "language": "python", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-015", "file": "python/safe/safe_fastapi_route_security_scopes.py", "language": "python", "vuln_class": "auth", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-016", "file": "python/auth/vuln_fastapi_route_security_no_scopes.py", "language": "python", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-017", "file": "python/safe/safe_fastapi_router_level_security_scopes.py", "language": "python", "vuln_class": "auth", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-018", "file": "python/auth/vuln_fastapi_router_no_dependencies.py", "language": "python", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.auth.missing_ownership_check" ], "unexpected_rule_ids": [ "py.auth.token_override_without_validation" ], "all_finding_ids": [ "py.auth.missing_ownership_check", "py.auth.token_override_without_validation" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-019", "file": "python/safe/safe_caller_scope_helper_under_authorized_route.py", "language": "python", "vuln_class": "auth", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-020", "file": "python/auth/vuln_caller_scope_helper_under_bare_route.py", "language": "python", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.auth.missing_ownership_check" ], "unexpected_rule_ids": [ "py.auth.token_override_without_validation" ], "all_finding_ids": [ "py.auth.missing_ownership_check", "py.auth.token_override_without_validation" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-001", "file": "python/cmdi/cmdi_direct.py", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 5:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 5:11)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-002", "file": "python/cmdi/cmdi_indirect.py", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.subprocess_shell", "taint-unsanitised-flow (source 5:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.subprocess_shell", "taint-unsanitised-flow (source 5:12)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-cross-001", "file": "python/cmdi/cross_propagation/", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 4:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 4:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-cross-002", "file": "python/cmdi/cross_source/", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.subprocess_shell" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.subprocess_shell" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-cross-003", "file": "python/cmdi/cross_sanitizer/", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 4:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 4:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-cross-004", "file": "python/cmdi/cross_indirect_sink/", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 6:5)" ], "unexpected_rule_ids": [ "cfg-unguarded-sink" ], "all_finding_ids": [ "cfg-unguarded-sink", "py.cmdi.os_system", "taint-unsanitised-flow (source 6:5)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-popen-001", "file": "python/cmdi/cmdi_popen_shell.py", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 5:11)" ], "unexpected_rule_ids": [ "py.cmdi.subprocess_shell" ], "all_finding_ids": [ "py.cmdi.subprocess_shell", "state-resource-leak", "taint-unsanitised-flow (source 5:11)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "py-code_injection-001", "file": "python/code_injection/code_injection.py", "language": "python", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.code_exec.eval", "taint-unsanitised-flow (source 4:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.code_exec.eval", "taint-unsanitised-flow (source 4:12)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-code_injection-002", "file": "python/code_injection/code_injection_exec.py", "language": "python", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.code_exec.exec", "taint-unsanitised-flow (source 4:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.code_exec.exec", "taint-unsanitised-flow (source 4:12)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-context-sanitize-001", "file": "python/safe/safe_with_context_sanitize.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-data_exfil-001", "file": "python/data_exfil/exfil_requests_post_env_dict.py", "language": "python", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 14:25)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 14:25)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-data_exfil-002", "file": "python/data_exfil/exfil_httpx_async_post_env.py", "language": "python", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 12:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 12:15)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-deser-001", "file": "python/deser/deser_pickle.py", "language": "python", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.deser.pickle_loads", "taint-unsanitised-flow (source 5:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.deser.pickle_loads", "taint-unsanitised-flow (source 5:12)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-interproc-001", "file": "python/interprocedural/interproc_taint_propagation.py", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:9)" ], "unexpected_rule_ids": [ "py.cmdi.os_system" ], "all_finding_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 8:9)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-interproc-safe-001", "file": "python/interprocedural/interproc_sanitizer_wrap.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-path_traversal-001", "file": "python/path_traversal/path_traversal.py", "language": "python", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:12)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-path_traversal-no-relative-to", "file": "python/path_traversal/path_traversal_no_relative_to.py", "language": "python", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 11:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 11:15)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-pathprune-safe-001", "file": "python/path_pruning/safe_early_return.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-001", "file": "python/safe/safe_constant.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-002", "file": "python/safe/safe_dominated.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-003", "file": "python/safe/safe_interprocedural.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-004", "file": "python/safe/safe_non_security_sink.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-005", "file": "python/safe/safe_reassigned.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-006", "file": "python/safe/safe_sanitized.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-007", "file": "python/safe/safe_type_check.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-008", "file": "python/safe/safe_validated.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-014", "file": "python/safe/safe_direct_path_sanitizer.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-015", "file": "python/safe/safe_optional_path_sanitizer.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-016", "file": "python/safe/safe_cross_function_dotdot.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-022", "file": "python/safe/safe_canonicalise_rooted_startswith.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-data_exfil-001", "file": "python/safe/safe_data_exfil_user_input_echo.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-int-001", "file": "python/safe/safe_int_cast.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-relative-to-validator", "file": "python/safe/safe_relative_to_validator.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-sqli-001", "file": "python/sqli/sqli_concat.py", "language": "python", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 5:15)" ], "unexpected_rule_ids": [ "cfg-resource-leak", "py.sqli.execute_format" ], "all_finding_ids": [ "state-resource-leak", "cfg-resource-leak", "py.sqli.execute_format", "taint-unsanitised-flow (source 5:15)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "py-sqli-002", "file": "python/sqli/sqli_format.py", "language": "python", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "py.sqli.execute_format", "taint-unsanitised-flow (source 5:15)" ], "unexpected_rule_ids": [ "cfg-resource-leak" ], "all_finding_ids": [ "state-resource-leak", "cfg-resource-leak", "py.sqli.execute_format", "taint-unsanitised-flow (source 5:15)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "py-ssrf-001", "file": "python/ssrf/ssrf_requests.py", "language": "python", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:11)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-ssrf-002", "file": "python/ssrf/ssrf_httpx_post.py", "language": "python", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:11)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-ssrf-safe-001", "file": "python/ssrf/safe_ssrf_constant.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-validator-sentinel-001", "file": "python/safe/safe_validator_sentinel.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-validator-sentinel-vuln-001", "file": "python/sqli/vuln_validator_sentinel_bypass.py", "language": "python", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 17:11)", "taint-unsanitised-flow (source 17:11)" ], "unexpected_rule_ids": [ "state-resource-leak", "py.sqli.execute_format" ], "all_finding_ids": [ "taint-unsanitised-flow (source 17:11)", "state-resource-leak", "py.sqli.execute_format", "taint-unsanitised-flow (source 17:11)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "py-xss-001", "file": "python/xss/xss_reflected.py", "language": "python", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:12)" ], "unexpected_rule_ids": [ "py.xss.make_response_format" ], "all_finding_ids": [ "py.xss.make_response_format", "taint-unsanitised-flow (source 4:12)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-xss-002", "file": "python/xss/xss_template_string.py", "language": "python", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-template-injection (source 5:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-template-injection (source 5:12)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rb-data_exfil-001", "file": "ruby/data_exfil/exfil_net_http_post_cookie.rb", "language": "ruby", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 7:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 7:9)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rb-interproc-001", "file": "ruby/interprocedural/interproc_taint_propagation.rb", "language": "ruby", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rb-interproc-safe-001", "file": "ruby/interprocedural/interproc_sanitizer_wrap.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rb-safe-014", "file": "ruby/safe/safe_direct_path_sanitizer.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rb-safe-015", "file": "ruby/safe/safe_nil_path_sanitizer.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rb-safe-016", "file": "ruby/safe/safe_cross_function_dotdot.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rb-safe-021", "file": "ruby/safe/safe_canonicalise_rooted_unless.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rb-safe-data_exfil-001", "file": "ruby/safe/safe_data_exfil_user_input_echo.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-001", "file": "rust/auth/actix_scoped_write_missing.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-002", "file": "rust/auth/true_positive_missing_check.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-003", "file": "rust/auth/row_ownership_no_early_exit.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-101", "file": "rust/auth/hashmap_local_noise.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-102", "file": "rust/auth/helper_scoped_params.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-103", "file": "rust/auth/row_ownership_equality.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-104", "file": "rust/auth/self_scoped_user.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-105", "file": "rust/auth/db_connection_type_inferred.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-auth-106", "file": "rust/auth/sql_join_acl.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-107", "file": "rust/auth/transitive_helper.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-108", "file": "rust/auth/row_fetch_then_authorize.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo", "rs.quality.todo" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-auth-109", "file": "rust/auth/predicate_role_check.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-auth-110", "file": "rust/auth/unsafe_row_fetch_no_authz.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rs.auth.missing_ownership_check", "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo", "rs.quality.todo", "rs.auth.missing_ownership_check", "rs.auth.missing_ownership_check" ], "security_finding_count": 2, "non_security_finding_count": 2 }, { "case_id": "rs-auth-dto-int-field-001", "file": "rust/auth/safe_dto_int_field_axum.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-dto-string-field-001", "file": "rust/auth/unsafe_dto_string_field_axum.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-001", "file": "rust/auth/self_actor_uid_copy.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-002", "file": "rust/auth/require_resource_role_helper.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-003", "file": "rust/auth/self_publish_email.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-006", "file": "rust/auth/safe_row_population_reverse_walk.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo", "rs.quality.todo" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-auth-realrepo-007", "file": "rust/auth/safe_row_fetch_multiline_let.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-auth-realrepo-008", "file": "rust/auth/unsafe_row_population_no_check.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rs.auth.missing_ownership_check", "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo", "rs.auth.missing_ownership_check", "rs.auth.missing_ownership_check" ], "security_finding_count": 2, "non_security_finding_count": 1 }, { "case_id": "rs-auth-realrepo-009", "file": "rust/auth/safe_local_user_view_extractor.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-010", "file": "rust/auth/unsafe_local_user_view_extractor.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-011", "file": "rust/auth/safe_param_type_segment_idents.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-012", "file": "rust/auth/safe_local_collection_param_types.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-013", "file": "rust/auth/unsafe_handler_local_collection_does_not_blanket_suppress.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-014", "file": "rust/auth/safe_actix_guarded_data_extractor.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-auth-realrepo-015", "file": "rust/auth/unsafe_actix_no_guarded_data_extractor.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo", "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-auth-realrepo-016", "file": "rust/safe/safe_non_web_rust_project", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-017", "file": "rust/auth/unsafe_actix_web_project_no_check", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-typed-extractors-001", "file": "rust/auth/safe_typed_path_int_extractor.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-cmdi-001", "file": "rust/cmdi/cmdi_command.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:15)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-002", "file": "rust/cmdi/cmdi_command_output.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-003", "file": "rust/cmdi/cmdi_indirect.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:17)" ], "unexpected_rule_ids": [ "cfg-unguarded-sink" ], "all_finding_ids": [ "cfg-unguarded-sink", "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 9:17)" ], "security_finding_count": 2, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-004", "file": "rust/cmdi/cmdi_args.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:20)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:20)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-005", "file": "rust/cmdi/cmdi_format_macro.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-006", "file": "rust/cmdi/cmdi_match_source.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 5:22)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-cmdi-007", "file": "rust/cmdi/cmdi_string_concat.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-008", "file": "rust/cmdi/cmdi_static_map_dangerous.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 6:15)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-009", "file": "rust/cmdi/cmdi_indirect_multisink.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 11:13)" ], "unexpected_rule_ids": [ "cfg-unguarded-sink", "cfg-unguarded-sink" ], "all_finding_ids": [ "cfg-unguarded-sink", "rs.quality.unwrap", "cfg-unguarded-sink", "rs.quality.unwrap", "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 11:13)" ], "security_finding_count": 3, "non_security_finding_count": 4 }, { "case_id": "rs-cmdi-cross-001", "file": "rust/cmdi/cross_propagation/", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 7:17)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-data_exfil-001", "file": "rust/data_exfil/exfil_reqwest_form_env.rs", "language": "rust", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 5:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-data-exfiltration (source 5:18)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-deser-001", "file": "rust/deser/deser_serde_yaml.rs", "language": "rust", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 8:15)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-001", "file": "rust/path_traversal/path_read.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-002", "file": "rust/path_traversal/path_write.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-003", "file": "rust/path_traversal/path_file_open.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-004", "file": "rust/path_traversal/path_file_create.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-005", "file": "rust/path_traversal/path_remove.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-006", "file": "rust/traversal/traversal_no_sanitizer.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 10:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 10:15)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-safe-001", "file": "rust/safe/safe_constant.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-safe-002", "file": "rust/safe/safe_sanitized_shell.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-003", "file": "rust/safe/safe_reassigned.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-004", "file": "rust/safe/safe_validated.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.panic_macro", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 3 }, { "case_id": "rs-safe-005", "file": "rust/safe/safe_hardcoded_url.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-safe-006", "file": "rust/safe/safe_type_check.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.expect", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 3 }, { "case_id": "rs-safe-007", "file": "rust/safe/safe_interprocedural.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-008", "file": "rust/safe/safe_dominated.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-009", "file": "rust/safe/safe_shell_metachar.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-009", "file": "rust/safe/safe_match_guard.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-010", "file": "rust/safe/safe_static_map_lookup.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-011", "file": "rust/safe/safe_parsed_port.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.expect", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 3 }, { "case_id": "rs-safe-012", "file": "rust/safe/safe_path_contains_dotdot.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-safe-014", "file": "rust/safe/safe_option_sanitizer.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-safe-015", "file": "rust/safe/safe_path_is_absolute.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-safe-016", "file": "rust/safe/safe_cross_function_dotdot.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-safe-cross-001", "file": "rust/cmdi/cross_sanitizer/", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-fileio-int-uid", "file": "rust/safe/safe_parsed_uid_path.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-safe-format-named-arg-sanitized", "file": "rust/safe/safe_format_string_sanitized.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-sqli-001", "file": "rust/sqli/sqli_rusqlite_format.rs", "language": "rust", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:19)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:19)" ], "security_finding_count": 1, "non_security_finding_count": 3 }, { "case_id": "rs-sqli-002", "file": "rust/sqli/sqli_metachar_gate_wrong_sink.rs", "language": "rust", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:19)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:19)" ], "security_finding_count": 1, "non_security_finding_count": 3 }, { "case_id": "rs-sqli-format-named-arg", "file": "rust/sqli/sqli_format_named_arg.rs", "language": "rust", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 17:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 17:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-ssrf-001", "file": "rust/ssrf/ssrf_reqwest.rs", "language": "rust", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 4:15)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-ssrf-002", "file": "rust/ssrf/ssrf_indirect.rs", "language": "rust", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 8:18)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-ssrf-003", "file": "rust/ssrf/ssrf_client_builder.rs", "language": "rust", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 4:15)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-xss-001", "file": "rust/xss/axum_html/", "language": "rust", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 3:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 3:16)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-auth-missing-post-fetch-001", "file": "ruby/auth/auth_missing_post_fetch_check.rb", "language": "ruby", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-before-action-001", "file": "ruby/auth/safe_before_action.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-cmdi-001", "file": "ruby/cmdi/cmdi_system.rb", "language": "ruby", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.cmdi.system_interp", "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.cmdi.system_interp", "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ruby-cmdi-002", "file": "ruby/cmdi/cmdi_backtick.rb", "language": "ruby", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.cmdi.backtick", "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.cmdi.backtick", "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ruby-cmdi-003", "file": "ruby/cmdi/cmdi_kernel_open.rb", "language": "ruby", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 10:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 10:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-code_injection-001", "file": "ruby/code_injection/code_injection_eval.rb", "language": "ruby", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.code_exec.eval", "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.code_exec.eval", "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ruby-deser-001", "file": "ruby/deser/deser_marshal.rb", "language": "ruby", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.deser.marshal_load", "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.deser.marshal_load", "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ruby-deser-002", "file": "ruby/deser/deser_yaml.rb", "language": "ruby", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.deser.yaml_load", "taint-unsanitised-flow (source 4:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.deser.yaml_load", "taint-unsanitised-flow (source 4:3)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ruby-path_traversal-001", "file": "ruby/path_traversal/path_traversal_send_file.rb", "language": "ruby", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-path_traversal-002", "file": "ruby/path_traversal/path_traversal_yaml_load_file_read.rb", "language": "ruby", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 3:1)", "taint-unsanitised-flow (source 7:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 3:1)", "taint-unsanitised-flow (source 7:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-001", "file": "ruby/safe/safe_constant.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-002", "file": "ruby/safe/safe_dominated.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-003", "file": "ruby/safe/safe_interprocedural.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-004", "file": "ruby/safe/safe_non_security_sink.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-005", "file": "ruby/safe/safe_reassigned.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-006", "file": "ruby/safe/safe_sanitized.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-007", "file": "ruby/safe/safe_type_check.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-008", "file": "ruby/safe/safe_validated.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-009", "file": "ruby/safe/safe_kernel_open_file_namespaced.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-ar-query-shapes-001", "file": "ruby/safe/safe_active_record_query_shapes.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-post-fetch-ownership-001", "file": "ruby/safe/safe_post_fetch_ownership_check.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-rails-callback-helper-no-private-001", "file": "ruby/safe/safe_rails_callback_helper_no_private.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-rails-private-callback-helper-001", "file": "ruby/safe/safe_rails_private_callback_helper.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-strong-params-001", "file": "ruby/safe/safe_strong_params.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-sqli-001", "file": "ruby/sqli/sqli_find_by_sql.rb", "language": "ruby", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-sqli-002", "file": "ruby/sqli/sqli_execute.rb", "language": "ruby", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-sqli-where-chained-interp-001", "file": "ruby/sqli/sqli_where_chained_interpolation.rb", "language": "ruby", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-sqli-where-string-interp-001", "file": "ruby/sqli/sqli_where_string_interpolation.rb", "language": "ruby", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-ssrf-001", "file": "ruby/ssrf/ssrf_httparty.rb", "language": "ruby", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-ssrf-002", "file": "ruby/ssrf/ssrf_net_http.rb", "language": "ruby", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-ssrf-003", "file": "ruby/ssrf/ssrf_open_uri.rb", "language": "ruby", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-ssrf-safe-001", "file": "ruby/ssrf/safe_ssrf_hardcoded.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-xss-001", "file": "ruby/xss/xss_html_safe.rb", "language": "ruby", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-xss-002", "file": "ruby/xss/xss_raw.rb", "language": "ruby", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-auth-realrepo-001", "file": "typescript/auth/safe_session_user_id_copy.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.quality.any_annotation" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "ts-auth-realrepo-002", "file": "typescript/auth/vuln_target_user_id_no_check.ts", "language": "typescript", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-auth-realrepo-003", "file": "typescript/auth/safe_destructured_session_user.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-auth-realrepo-004", "file": "typescript/auth/safe_trpc_ctx_user_options.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-auth-realrepo-005", "file": "typescript/auth/vuln_trpc_ctx_input_id_no_check.ts", "language": "typescript", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "js.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-auth-realrepo-006", "file": "typescript/auth/safe_local_collection_receiver.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-auth-realrepo-007", "file": "typescript/auth/vuln_local_collection_does_not_blanket_suppress.ts", "language": "typescript", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "js.auth.missing_ownership_check", "js.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.auth.missing_ownership_check", "js.auth.missing_ownership_check" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-cmdi-001", "file": "typescript/cmdi/cmdi_exec_template.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-cmdi-002", "file": "typescript/cmdi/cmdi_async_wrapper.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:5)", "taint-unsanitised-flow (source 9:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:5)", "taint-unsanitised-flow (source 9:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-code_injection-001", "file": "typescript/code_injection/code_exec_eval.ts", "language": "typescript", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)", "ts.code_exec.eval", "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)", "ts.code_exec.eval", "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "ts-code_injection-002", "file": "typescript/code_injection/code_exec_new_function.ts", "language": "typescript", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.code_exec.new_function", "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.code_exec.new_function", "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-crypto-001", "file": "typescript/crypto/weak_hash_md5.ts", "language": "typescript", "vuln_class": "crypto", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.crypto.weak_hash_import" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.crypto.weak_hash_import" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-data_exfil-001", "file": "typescript/data_exfil/exfil_fetch_cookie_body.ts", "language": "typescript", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-data_exfil-002", "file": "typescript/data_exfil/exfil_fetch_header_body.ts", "language": "typescript", "vuln_class": "data_exfil", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-data-exfiltration (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-data-exfiltration (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-iife-closure-001", "file": "typescript/safe/safe_iife_closure_sanitizer.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-iife-closure-vuln-001", "file": "typescript/xss/vuln_iife_closure_no_sanitizer.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 15:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 15:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-insecure_config-001", "file": "typescript/insecure_config/reject_unauthorized.ts", "language": "typescript", "vuln_class": "insecure_config", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.config.reject_unauthorized" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.config.reject_unauthorized" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-insecure_config-002", "file": "typescript/insecure_config/cookie_httponly.ts", "language": "typescript", "vuln_class": "insecure_config", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.config.insecure_session_httponly" ], "unexpected_rule_ids": [ "ts.secrets.hardcoded_secret" ], "all_finding_ids": [ "ts.secrets.hardcoded_secret", "ts.config.insecure_session_httponly" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-interproc-001", "file": "typescript/interprocedural/interproc_class_method.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 14:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 14:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-open_redirect-001", "file": "typescript/open_redirect/location_href.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)", "ts.xss.location_assign" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)", "ts.xss.location_assign" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-path_traversal-001", "file": "typescript/path_traversal/path_traversal_sendfile.ts", "language": "typescript", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-prototype-001", "file": "typescript/prototype/proto_assignment.ts", "language": "typescript", "vuln_class": "prototype", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.prototype.proto_assignment" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.prototype.proto_assignment", "ts.quality.as_any" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "ts-safe-001", "file": "typescript/safe/safe_dompurify.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-002", "file": "typescript/safe/safe_number_coerce.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-003", "file": "typescript/safe/safe_encode_uri.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-004", "file": "typescript/safe/safe_hardcoded_url.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-005", "file": "typescript/safe/safe_validator_escape.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-006", "file": "typescript/safe/safe_typeof_guard.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-007", "file": "typescript/safe/safe_interproc_sanitizer.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-008", "file": "typescript/safe/safe_constant_query.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-009", "file": "typescript/safe/safe_parameterized.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-010", "file": "typescript/safe/safe_jsx_text.tsx", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-014", "file": "typescript/safe/safe_direct_path_sanitizer.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-015", "file": "typescript/safe/safe_null_path_sanitizer.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-016", "file": "typescript/safe/safe_cross_function_dotdot.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-017", "file": "typescript/safe/safe_strapi_db_query_chain.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.quality.any_annotation" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "ts-safe-018", "file": "typescript/safe/safe_indirect_validator.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-019", "file": "typescript/safe/safe_helper_with_validator.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-020", "file": "typescript/safe/safe_env_empty_fallback.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-021", "file": "typescript/safe/safe_validated_helper_chain.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-022", "file": "typescript/safe/safe_jest_test_callback_no_handler.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.quality.any_annotation", "ts.quality.any_annotation", "ts.quality.any_annotation", "ts.quality.any_annotation" ], "security_finding_count": 0, "non_security_finding_count": 4 }, { "case_id": "ts-secrets-001", "file": "typescript/secrets/fallback_secret.ts", "language": "typescript", "vuln_class": "secrets", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.secrets.fallback_secret" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.secrets.fallback_secret" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-sqli-001", "file": "typescript/sqli/sqli_template_literal.ts", "language": "typescript", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-sqli-002", "file": "typescript/sqli/sqli_prisma_raw.ts", "language": "typescript", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:5)", "taint-unsanitised-flow (source 8:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:5)", "taint-unsanitised-flow (source 8:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-sqli-003", "file": "typescript/sqli/sqli_db_query_concat.ts", "language": "typescript", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 15:5)", "taint-unsanitised-flow (source 21:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.quality.any_annotation", "ts.quality.any_annotation", "taint-unsanitised-flow (source 15:5)", "taint-unsanitised-flow (source 21:5)", "ts.quality.any_annotation" ], "security_finding_count": 2, "non_security_finding_count": 3 }, { "case_id": "ts-sqli-realrepo-arrow-002", "file": "typescript/sqli/sqli_arrow_handler_param.ts", "language": "typescript", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:27)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:27)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-ssrf-001", "file": "typescript/ssrf/ssrf_axios_user_url.ts", "language": "typescript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-ssrf-002", "file": "typescript/ssrf/ssrf_fastify_fetch.ts", "language": "typescript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:5)", "taint-unsanitised-flow (source 7:52)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:5)", "taint-unsanitised-flow (source 7:52)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-ssrf-003", "file": "typescript/ssrf/ssrf_encoded_host.ts", "language": "typescript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-type_system-001", "file": "typescript/type_system/discriminated_union_narrow.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cfg-unguarded-sink", "cfg-unguarded-sink" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cfg-unguarded-sink", "cfg-unguarded-sink" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-type_system-002", "file": "typescript/type_system/interface_dispatch.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 18:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 18:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-type_system-003", "file": "typescript/type_system/decorator_passthrough.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 14:5)", "taint-unsanitised-flow (source 22:13)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 14:5)", "taint-unsanitised-flow (source 22:13)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-xss-001", "file": "typescript/xss/xss_typed_innerhtml.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-xss-002", "file": "typescript/xss/xss_as_any_cast.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.quality.as_any", "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "ts-xss-003", "file": "typescript/xss/xss_generic_identity.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-xss-004", "file": "typescript/xss/xss_optional_chain_source.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-xss-005", "file": "typescript/xss/xss_dangerously_set_inner_html.tsx", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:5)", "taint-unsanitised-flow (source 6:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:5)", "taint-unsanitised-flow (source 6:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 } ], "aggregate_file_level": { "tp": 275, "fp": 0, "fn_": 1, "tn": 288, "precision": 1.0, "recall": 0.9963768115942029, "f1": 0.9981851179673321 }, "aggregate_rule_level": { "tp": 275, "fp": 0, "fn_": 1, "tn": 288, "precision": 1.0, "recall": 0.9963768115942029, "f1": 0.9981851179673321 }, "by_language": { "c": { "tp": 18, "fp": 0, "fn_": 0, "tn": 18, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "cpp": { "tp": 19, "fp": 0, "fn_": 0, "tn": 16, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "go": { "tp": 30, "fp": 0, "fn_": 0, "tn": 36, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "java": { "tp": 22, "fp": 0, "fn_": 1, "tn": 23, "precision": 1.0, "recall": 0.9565217391304348, "f1": 0.9777777777777777 }, "javascript": { "tp": 25, "fp": 0, "fn_": 0, "tn": 32, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "php": { "tp": 22, "fp": 0, "fn_": 0, "tn": 23, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "python": { "tp": 38, "fp": 0, "fn_": 0, "tn": 41, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "ruby": { "tp": 24, "fp": 0, "fn_": 0, "tn": 26, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "rust": { "tp": 41, "fp": 0, "fn_": 0, "tn": 46, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "typescript": { "tp": 36, "fp": 0, "fn_": 0, "tn": 27, "precision": 1.0, "recall": 1.0, "f1": 1.0 } }, "by_vuln_class": { "auth": { "tp": 25, "fp": 0, "fn_": 0, "tn": 3, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "buffer_overflow": { "tp": 7, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "cmdi": { "tp": 59, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "code_exec": { "tp": 5, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "code_injection": { "tp": 10, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "crypto": { "tp": 2, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "data_exfil": { "tp": 13, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "deser": { "tp": 9, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "deserialization": { "tp": 5, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "fmt_string": { "tp": 5, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "insecure_config": { "tp": 2, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "memory_safety": { "tp": 3, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "path_traversal": { "tp": 32, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "prototype": { "tp": 1, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "resource": { "tp": 2, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "safe": { "tp": 0, "fp": 0, "fn_": 0, "tn": 285, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "secrets": { "tp": 1, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "sql_injection": { "tp": 2, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "sqli": { "tp": 36, "fp": 0, "fn_": 1, "tn": 0, "precision": 1.0, "recall": 0.972972972972973, "f1": 0.9863013698630138 }, "ssrf": { "tp": 32, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "xss": { "tp": 24, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 } }, "by_confidence": { ">=High": { "tp": 81, "fp": 118, "fn_": 195, "tn": 170, "precision": 0.40703517587939697, "recall": 0.29347826086956524, "f1": 0.3410526315789474 }, ">=Low": { "tp": 81, "fp": 147, "fn_": 195, "tn": 141, "precision": 0.35526315789473684, "recall": 0.29347826086956524, "f1": 0.3214285714285714 }, ">=Medium": { "tp": 81, "fp": 139, "fn_": 195, "tn": 149, "precision": 0.36818181818181817, "recall": 0.29347826086956524, "f1": 0.3266129032258065 } } }