{ "benchmark_version": "1.0", "timestamp": "2026-04-29T03:43:28Z", "scanner_version": "0.5.0", "scanner_config": { "analysis_mode": "Full", "taint_enabled": true, "ast_patterns_enabled": true, "state_analysis_enabled": true, "worker_threads": 1 }, "ground_truth_hash": "sha256:3e034f1fc5c7bb7838f1fb2c63de5ca5a36aacfdf5d66cf25f30bff99f25f1cf", "corpus_size": 433, "cases_run": 432, "cases_skipped": 1, "outcomes": [ { "case_id": "c-buf-001", "file": "c/buffer_overflow/buffer_sprintf.c", "language": "c", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:19)" ], "unexpected_rule_ids": [ "c.memory.sprintf" ], "all_finding_ids": [ "c.memory.sprintf", "taint-unsanitised-flow (source 6:19)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-buf-002", "file": "c/buffer_overflow/buffer_strcpy.c", "language": "c", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:19)" ], "unexpected_rule_ids": [ "c.memory.strcpy" ], "all_finding_ids": [ "c.memory.strcpy", "taint-unsanitised-flow (source 5:19)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-buf-003", "file": "c/buffer_overflow/buffer_strcat.c", "language": "c", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:19)" ], "unexpected_rule_ids": [ "c.memory.strcat" ], "all_finding_ids": [ "c.memory.strcat", "taint-unsanitised-flow (source 5:19)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-buf-005", "file": "c/buffer_overflow/buffer_strcpy_user_arg.c", "language": "c", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.memory.strcpy" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.memory.strcpy" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-cmdi-001", "file": "c/cmdi/cmdi_system.c", "language": "c", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.cmdi.system", "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.cmdi.system", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-cmdi-002", "file": "c/cmdi/cmdi_popen.c", "language": "c", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.cmdi.popen", "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.cmdi.popen", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-cmdi-003", "file": "c/cmdi/cmdi_exec.c", "language": "c", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-cmdi-004", "file": "c/cmdi/cmdi_fgets.c", "language": "c", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.cmdi.system", "taint-unsanitised-flow (source 7:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.cmdi.system", "taint-unsanitised-flow (source 7:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-fmt-001", "file": "c/fmt_string/fmt_printf.c", "language": "c", "vuln_class": "fmt_string", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [ "c.memory.printf_no_fmt" ], "all_finding_ids": [ "c.memory.printf_no_fmt", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "c-fmt-002", "file": "c/fmt_string/fmt_fprintf.c", "language": "c", "vuln_class": "fmt_string", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-path-001", "file": "c/path_traversal/path_traversal_fopen.c", "language": "c", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-path-002", "file": "c/path_traversal/path_traversal_open.c", "language": "c", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "c-safe-001", "file": "c/safe/safe_constant.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-002", "file": "c/safe/safe_sanitized_snprintf.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-003", "file": "c/safe/safe_atoi.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-004", "file": "c/safe/safe_reassigned.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-005", "file": "c/safe/safe_strncpy.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-006", "file": "c/safe/safe_validated.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-007", "file": "c/safe/safe_strtol.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-008", "file": "c/safe/safe_sanitize_func.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-014", "file": "c/safe/safe_direct_path_sanitizer.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-015", "file": "c/safe/safe_status_code_sanitizer.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-016", "file": "c/safe/safe_cross_function_dotdot.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-017", "file": "c/safe/safe_strcpy_literal_src.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-safe-018", "file": "c/safe/safe_sprintf_bounded_format.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "c-ssrf-001", "file": "c/ssrf/ssrf_curl.c", "language": "c", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 6:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-buf-001", "file": "cpp/buffer_overflow/buffer_sprintf.cpp", "language": "cpp", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:19)" ], "unexpected_rule_ids": [ "cpp.memory.sprintf" ], "all_finding_ids": [ "cpp.memory.sprintf", "taint-unsanitised-flow (source 6:19)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-buf-002", "file": "cpp/buffer_overflow/buffer_strcpy.cpp", "language": "cpp", "vuln_class": "buffer_overflow", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:19)" ], "unexpected_rule_ids": [ "cpp.memory.strcpy" ], "all_finding_ids": [ "cpp.memory.strcpy", "taint-unsanitised-flow (source 5:19)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-001", "file": "cpp/cmdi/cmdi_system.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cpp.cmdi.system", "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cpp.cmdi.system", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-002", "file": "cpp/cmdi/cmdi_popen.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cpp.cmdi.popen", "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cpp.cmdi.popen", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-003", "file": "cpp/cmdi/cmdi_getline.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cpp.cmdi.system", "taint-unsanitised-flow (source 8:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cpp.cmdi.system", "taint-unsanitised-flow (source 8:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-004", "file": "cpp/cmdi/cmdi_exec.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-005", "file": "cpp/cmdi/cmdi_stl_vector_string.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 16:23)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 16:23)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-006", "file": "cpp/cmdi/cmdi_lambda_passthrough.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 14:19)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 14:19)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-cmdi-007", "file": "cpp/cmdi/cmdi_class_inline_method.cpp", "language": "cpp", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 25:19)" ], "unexpected_rule_ids": [ "cfg-unguarded-sink" ], "all_finding_ids": [ "cfg-unguarded-sink", "taint-unsanitised-flow (source 25:19)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-fmt-001", "file": "cpp/fmt_string/fmt_printf.cpp", "language": "cpp", "vuln_class": "fmt_string", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [ "cpp.memory.printf_no_fmt" ], "all_finding_ids": [ "cpp.memory.printf_no_fmt", "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cpp-fmt-002", "file": "cpp/fmt_string/fmt_fprintf.cpp", "language": "cpp", "vuln_class": "fmt_string", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:17)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-path-001", "file": "cpp/path_traversal/path_traversal_fopen.cpp", "language": "cpp", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-path-002", "file": "cpp/path_traversal/path_traversal_open.cpp", "language": "cpp", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 6:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-001", "file": "cpp/safe/safe_constant.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-002", "file": "cpp/safe/safe_snprintf.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-003", "file": "cpp/safe/safe_stoi.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-004", "file": "cpp/safe/safe_reassigned.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-005", "file": "cpp/safe/safe_strncpy.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-006", "file": "cpp/safe/safe_validated.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-007", "file": "cpp/safe/safe_sanitize_func.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-008", "file": "cpp/safe/safe_strtol.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-014", "file": "cpp/safe/safe_direct_path_sanitizer.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-015", "file": "cpp/safe/safe_optional_path_sanitizer.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-016", "file": "cpp/safe/safe_cross_function_dotdot.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-017", "file": "cpp/safe/safe_stl_vector_int.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-safe-018", "file": "cpp/safe/safe_builder_const_host.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cpp-ssrf-001", "file": "cpp/ssrf/ssrf_curl.cpp", "language": "cpp", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 6:18)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-ssrf-002", "file": "cpp/ssrf/ssrf_connect.cpp", "language": "cpp", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 10:21)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 10:21)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cpp-ssrf-003", "file": "cpp/ssrf/ssrf_builder_user_host.cpp", "language": "cpp", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 23:23)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 23:23)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-c-2016-3714-patched", "file": "cve_corpus/c/CVE-2016-3714/patched.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-c-2016-3714-vulnerable", "file": "cve_corpus/c/CVE-2016-3714/vulnerable.c", "language": "c", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.cmdi.system" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.cmdi.system" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-c-2019-18634-patched", "file": "cve_corpus/c/CVE-2019-18634/patched.c", "language": "c", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-c-2019-18634-vulnerable", "file": "cve_corpus/c/CVE-2019-18634/vulnerable.c", "language": "c", "vuln_class": "memory_safety", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "c.memory.strcpy" ], "unexpected_rule_ids": [], "all_finding_ids": [ "c.memory.strcpy" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-cpp-2019-13132-patched", "file": "cve_corpus/cpp/CVE-2019-13132/patched.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-cpp-2019-13132-vulnerable", "file": "cve_corpus/cpp/CVE-2019-13132/vulnerable.cpp", "language": "cpp", "vuln_class": "memory_safety", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cpp.memory.strcpy" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cpp.memory.strcpy" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-cpp-2022-1941-patched", "file": "cve_corpus/cpp/CVE-2022-1941/patched.cpp", "language": "cpp", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-cpp-2022-1941-vulnerable", "file": "cve_corpus/cpp/CVE-2022-1941/vulnerable.cpp", "language": "cpp", "vuln_class": "memory_safety", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cpp.memory.strcpy" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cpp.memory.strcpy" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-go-2022-30323-patched", "file": "cve_corpus/go/CVE-2022-30323/patched.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-go-2022-30323-vulnerable", "file": "cve_corpus/go/CVE-2022-30323/vulnerable.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "taint-unsanitised-flow (source 30:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "taint-unsanitised-flow (source 30:9)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-go-2023-3188-patched", "file": "cve_corpus/go/CVE-2023-3188/patched.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-go-2023-3188-vulnerable", "file": "cve_corpus/go/CVE-2023-3188/vulnerable.go", "language": "go", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "FN", "outcome_rule_level": "FN", "outcome_location_level": "FN", "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-go-2024-31450-patched", "file": "cve_corpus/go/CVE-2024-31450/patched.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-go-2024-31450-vulnerable", "file": "cve_corpus/go/CVE-2024-31450/vulnerable.go", "language": "go", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 62:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 62:11)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-java-2015-7501-patched", "file": "cve_corpus/java/CVE-2015-7501/patched.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-java-2015-7501-vulnerable", "file": "cve_corpus/java/CVE-2015-7501/vulnerable.java", "language": "java", "vuln_class": "deserialization", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 34:54)" ], "unexpected_rule_ids": [ "java.xss.getwriter_print" ], "all_finding_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 34:54)", "java.xss.getwriter_print" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "cve-java-2017-12629-patched", "file": "cve_corpus/java/CVE-2017-12629/patched.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-java-2017-12629-vulnerable", "file": "cve_corpus/java/CVE-2017-12629/vulnerable.java", "language": "java", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 29:21)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 29:21)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-js-2019-14939-patched", "file": "cve_corpus/javascript/CVE-2019-14939/patched.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-js-2019-14939-vulnerable", "file": "cve_corpus/javascript/CVE-2019-14939/vulnerable.js", "language": "javascript", "vuln_class": "code_exec", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 24:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 24:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-js-2025-64430-patched", "file": "cve_corpus/javascript/CVE-2025-64430/patched.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-js-2025-64430-vulnerable", "file": "cve_corpus/javascript/CVE-2025-64430/vulnerable.js", "language": "javascript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 52:30)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 52:30)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-php-2017-9841-patched", "file": "cve_corpus/php/CVE-2017-9841/patched.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-php-2017-9841-vulnerable", "file": "cve_corpus/php/CVE-2017-9841/vulnerable.php", "language": "php", "vuln_class": "code_exec", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.code_exec.eval", "taint-unsanitised-flow (source 21:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.code_exec.eval", "taint-unsanitised-flow (source 21:9)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-php-2018-15133-patched", "file": "cve_corpus/php/CVE-2018-15133/patched.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-php-2018-15133-vulnerable", "file": "cve_corpus/php/CVE-2018-15133/vulnerable.php", "language": "php", "vuln_class": "deserialization", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 24:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 24:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-py-2017-18342-patched", "file": "cve_corpus/python/CVE-2017-18342/patched.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-py-2017-18342-vulnerable", "file": "cve_corpus/python/CVE-2017-18342/vulnerable.py", "language": "python", "vuln_class": "deserialization", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.deser.yaml_load", "taint-unsanitised-flow (source 26:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.deser.yaml_load", "taint-unsanitised-flow (source 26:11)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-py-2023-48022-patched", "file": "cve_corpus/python/CVE-2023-48022/patched.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-py-2023-48022-vulnerable", "file": "cve_corpus/python/CVE-2023-48022/vulnerable.py", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 26:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 26:12)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2013-0156-patched", "file": "cve_corpus/ruby/CVE-2013-0156/patched.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2013-0156-vulnerable", "file": "cve_corpus/ruby/CVE-2013-0156/vulnerable.rb", "language": "ruby", "vuln_class": "deserialization", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.deser.yaml_load" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.deser.yaml_load" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2020-8130-patched", "file": "cve_corpus/ruby/CVE-2020-8130/patched.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-rb-2020-8130-vulnerable", "file": "cve_corpus/ruby/CVE-2020-8130/vulnerable.rb", "language": "ruby", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 37:16)", "taint-unsanitised-flow (source 44:7)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 37:16)", "taint-unsanitised-flow (source 44:7)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "cve-rs-2018-20997-patched", "file": "cve_corpus/rust/CVE-2018-20997/patched.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "cve-rs-2018-20997-vulnerable", "file": "cve_corpus/rust/CVE-2018-20997/vulnerable.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 27:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 27:22)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "cve-rs-2022-36113-patched", "file": "cve_corpus/rust/CVE-2022-36113/patched.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "cve-rs-2022-36113-vulnerable", "file": "cve_corpus/rust/CVE-2022-36113/vulnerable.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 29:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 29:22)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "cve-rs-2024-24576-patched", "file": "cve_corpus/rust/CVE-2024-24576/patched.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "cve-rs-2024-24576-vulnerable", "file": "cve_corpus/rust/CVE-2024-24576/vulnerable.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "taint-unsanitised-flow (source 27:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 27:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "cve-ts-2023-26159-patched", "file": "cve_corpus/typescript/CVE-2023-26159/patched.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "cve-ts-2023-26159-vulnerable", "file": "cve_corpus/typescript/CVE-2023-26159/vulnerable.ts", "language": "typescript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 28:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 28:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-auth-realrepo-001", "file": "go/auth/vuln_repo_findbyid_no_auth.go", "language": "go", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "go.auth.missing_ownership_check", "go.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.auth.missing_ownership_check", "go.auth.missing_ownership_check" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-001", "file": "go/cmdi/cmdi_direct.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:9)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-002", "file": "go/cmdi/cmdi_indirect.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-003", "file": "go/cmdi_env/cmdi_env.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "taint-unsanitised-flow (source 9:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "taint-unsanitised-flow (source 9:9)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-004", "file": "go/cmdi/cmdi_unvalidated_queue_element.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 13:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 13:22)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-cross-001", "file": "go/cmdi/cross_source/", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 9:9)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "go-cmdi-realrepo-001", "file": "go/cmdi/vuln_error_log_then_sink.go", "language": "go", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cfg-error-fallthrough", "cfg-unguarded-sink", "go.sqli.query_concat" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cfg-error-fallthrough", "cfg-unguarded-sink", "go.sqli.query_concat" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "go-fmt_string-001", "file": "go/fmt_string/fmt_injection.go", "language": "go", "vuln_class": "fmt_string", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:9)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-interproc-001", "file": "go/interprocedural/interproc_taint_propagation.go", "language": "go", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 13:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 13:12)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-interproc-safe-001", "file": "go/interprocedural/interproc_sanitizer_wrap.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-path-002", "file": "go/path_traversal/path_traversal_remove.go", "language": "go", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 17:10)" ], "unexpected_rule_ids": [ "state-unauthed-access" ], "all_finding_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 17:10)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-path-003", "file": "go/path_traversal/path_traversal_ifinit.go", "language": "go", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 27:13)" ], "unexpected_rule_ids": [ "state-unauthed-access" ], "all_finding_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 27:13)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-path-safe-002", "file": "go/path_traversal/safe_path_traversal_remove.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-path-safe-003", "file": "go/path_traversal/safe_path_traversal_ifinit.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-path_traversal-001", "file": "go/path_traversal/path_traversal.go", "language": "go", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-path_traversal-cross-001", "file": "go/path_traversal/cross_sanitizer/", "language": "go", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-unauthed-access", "taint-unsanitised-flow (source 9:10)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-pathprune-safe-001", "file": "go/path_pruning/safe_early_return.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-001", "file": "go/safe/safe_constant.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-002", "file": "go/safe/safe_dominated.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-003", "file": "go/safe/safe_interprocedural.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-004", "file": "go/safe/safe_non_security_sink.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-005", "file": "go/safe/safe_reassigned.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-006", "file": "go/safe/safe_sanitized.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-007", "file": "go/safe/safe_type_check.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "FP", "outcome_rule_level": "FP", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [ "go.sqli.query_concat", "taint-unsanitised-flow (source 10:11)" ], "all_finding_ids": [ "go.sqli.query_concat", "taint-unsanitised-flow (source 10:11)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-safe-008", "file": "go/safe/safe_validated.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-009", "file": "go/safe/safe_validated_queue_element.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "FP", "outcome_rule_level": "FP", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 17:31)" ], "all_finding_ids": [ "go.cmdi.exec_command", "state-unauthed-access", "taint-unsanitised-flow (source 17:31)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "go-safe-014", "file": "go/safe/safe_direct_path_sanitizer.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-015", "file": "go/safe/safe_tuple_path_sanitizer.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-016", "file": "go/safe/safe_cross_function_dotdot.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-atoi-001", "file": "go/safe/safe_strconv_atoi.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-fieldproj-phase3", "file": "go/safe/safe_chained_receiver_field_proj.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-001", "file": "go/safe/safe_error_log_only_function.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-002", "file": "go/safe/safe_method_receiver_mutex.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-003", "file": "go/safe/safe_const_bound_id.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-004", "file": "go/safe/safe_chained_call_response_header.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-safe-realrepo-005", "file": "go/safe/safe_self_method_receiver.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-sqli-001", "file": "go/sqli/sqli_concat.go", "language": "go", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "go.sqli.query_concat", "taint-unsanitised-flow (source 9:8)" ], "unexpected_rule_ids": [ "go.auth.missing_ownership_check" ], "all_finding_ids": [ "state-resource-leak", "go.auth.missing_ownership_check", "go.sqli.query_concat", "taint-unsanitised-flow (source 9:8)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "go-sqli-002", "file": "go/sqli/sqli_sprintf.go", "language": "go", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 10:8)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 10:8)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-sqli-003", "file": "go/sqli/sqli_queryrow.go", "language": "go", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "go.sqli.query_concat", "taint-unsanitised-flow (source 9:8)" ], "unexpected_rule_ids": [ "go.auth.missing_ownership_check" ], "all_finding_ids": [ "state-resource-leak", "go.auth.missing_ownership_check", "go.sqli.query_concat", "taint-unsanitised-flow (source 9:8)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "go-ssrf-001", "file": "go/ssrf/ssrf_http_get.go", "language": "go", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:9)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-ssrf-002", "file": "go/ssrf/ssrf_new_request.go", "language": "go", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:9)", "taint-unsanitised-flow (source 8:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:9)", "taint-unsanitised-flow (source 8:9)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "go-ssrf-004", "file": "go/ssrf/ssrf_default_client_get.go", "language": "go", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 12:9)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 12:9)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-ssrf-safe-001", "file": "go/ssrf/safe_ssrf_hardcoded.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-ssrf-safe-002", "file": "go/ssrf/safe_ssrf_default_client_get.go", "language": "go", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "go-xss-001", "file": "go/xss/xss_fprintf.go", "language": "go", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:10)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-xss-002", "file": "go/xss/xss_template_html.go", "language": "go", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:11)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "go-xss-gin-001", "file": "go/xss/xss_gin_source.go", "language": "go", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:10)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:10)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "java-cmdi-001", "file": "java/cmdi/CmdiDirect.java", "language": "java", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 5:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 5:22)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-cmdi-002", "file": "java/cmdi/CmdiIndirect.java", "language": "java", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 5:23)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 5:23)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-code_injection-001", "file": "java/code_injection/CodeInjection.java", "language": "java", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.reflection.class_forname", "taint-unsanitised-flow (source 5:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.reflection.class_forname", "taint-unsanitised-flow (source 5:22)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-deser-001", "file": "java/deser/DeserOis.java", "language": "java", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 6:55)", "taint-unsanitised-flow (source 6:55)" ], "unexpected_rule_ids": [ "java.xss.getwriter_print" ], "all_finding_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 6:55)", "java.xss.getwriter_print", "taint-unsanitised-flow (source 6:55)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "java-deser-002", "file": "java/deser/DeserSource.java", "language": "java", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 6:55)", "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 6:55)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "java.deser.readobject", "taint-unsanitised-flow (source 6:55)", "java.cmdi.runtime_exec", "taint-unsanitised-flow (source 6:55)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "java-interproc-001", "file": "java/interprocedural/InterprocTaintPropagation.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:25)" ], "unexpected_rule_ids": [ "cfg-resource-leak" ], "all_finding_ids": [ "cfg-resource-leak", "taint-unsanitised-flow (source 9:25)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-interproc-safe-001", "file": "java/interprocedural/InterprocSanitizerWrap.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-path_traversal-001", "file": "java/path_traversal/PathTraversal.java", "language": "java", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "java-preauth-001", "file": "java/auth/SafePreAuthorize.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-preauth-vuln-001", "file": "java/auth/VulnNoPreAuthorize.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 11:23)" ], "unexpected_rule_ids": [ "java.xss.getwriter_print" ], "all_finding_ids": [ "java.xss.getwriter_print", "taint-unsanitised-flow (source 11:23)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-safe-001", "file": "java/safe/SafeConstant.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-002", "file": "java/safe/SafeDominated.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-003", "file": "java/safe/SafeInterprocedural.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-004", "file": "java/safe/SafeNonSecuritySink.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-005", "file": "java/safe/SafeReassigned.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-006", "file": "java/safe/SafeSanitized.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-007", "file": "java/safe/SafeTypeCheck.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-008", "file": "java/safe/SafeValidated.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-014", "file": "java/safe/SafeDirectPathSanitizer.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-015", "file": "java/safe/SafeOptionalPathSanitizer.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-016", "file": "java/safe/SafeCrossFunctionDotdot.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-prepared-001", "file": "java/safe/safe_prepared_statement.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-realrepo-001", "file": "java/safe/SafeLoggerIsEnabled.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-safe-realrepo-keycloak-001", "file": "java/safe/SafeJpaParameterizedExecute.java", "language": "java", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "java-sqli-001", "file": "java/sqli/SqliConcat.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "java.sqli.execute_concat", "taint-unsanitised-flow (source 6:21)" ], "unexpected_rule_ids": [ "cfg-resource-leak" ], "all_finding_ids": [ "state-resource-leak", "cfg-resource-leak", "java.sqli.execute_concat", "taint-unsanitised-flow (source 6:21)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "java-sqli-002", "file": "java/sqli/SqliFormat.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 6:21)" ], "unexpected_rule_ids": [ "cfg-resource-leak" ], "all_finding_ids": [ "state-resource-leak", "cfg-resource-leak", "taint-unsanitised-flow (source 6:21)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "java-sqli-realrepo-keycloak-001", "file": "java/sqli/SqliJpaCreateQueryConcat.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cfg-unguarded-sink" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cfg-unguarded-sink" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "java-sqli-stmt-001", "file": "java/sqli/sqli_statement_vs_prepared.java", "language": "java", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "state-resource-leak", "taint-unsanitised-flow (source 7:21)", "taint-unsanitised-flow (source 7:21)" ], "unexpected_rule_ids": [ "java.sqli.execute_concat", "java.xss.getwriter_print" ], "all_finding_ids": [ "state-resource-leak", "java.sqli.execute_concat", "state-resource-leak", "taint-unsanitised-flow (source 7:21)", "java.xss.getwriter_print", "taint-unsanitised-flow (source 7:21)" ], "security_finding_count": 6, "non_security_finding_count": 0 }, { "case_id": "java-ssrf-001", "file": "java/ssrf/SsrfRequest.java", "language": "java", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 7:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 7:22)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "java-ssrf-002", "file": "java/ssrf/SsrfHttpClient.java", "language": "java", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:22)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "java-xss-001", "file": "java/xss/XssReflected.java", "language": "java", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:23)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 6:23)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-allowlist-dispatch-001", "file": "javascript/safe/safe_switch_dispatch.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-auth-realrepo-001", "file": "javascript/auth/safe_req_user_id_copy.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-cmdi-001", "file": "javascript/cmdi/cmdi_direct.js", "language": "javascript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-cmdi-002", "file": "javascript/cmdi/cmdi_indirect.js", "language": "javascript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-code_injection-001", "file": "javascript/code_injection/code_injection.js", "language": "javascript", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)", "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "js-code_injection-002", "file": "javascript/code_injection/code_injection_indirect.js", "language": "javascript", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [ "js.code_exec.new_function" ], "all_finding_ids": [ "js.code_exec.new_function", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-destructure-sanitize-001", "file": "javascript/safe/safe_object_destructure_sanitize.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-destructure-vuln-001", "file": "javascript/xss/vuln_object_destructure_no_sanitize.js", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:21)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:21)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-interproc-001", "file": "javascript/interprocedural/interproc_taint_propagation.js", "language": "javascript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 10:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 10:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-interproc-safe-001", "file": "javascript/interprocedural/interproc_sanitizer_wrap.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-path_traversal-001", "file": "javascript/path_traversal/path_traversal.js", "language": "javascript", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-pathprune-safe-001", "file": "javascript/path_pruning/safe_early_return.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-001", "file": "javascript/safe/safe_constant.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-002", "file": "javascript/safe/safe_dominated.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-003", "file": "javascript/safe/safe_interprocedural.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-004", "file": "javascript/safe/safe_non_security_sink.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-005", "file": "javascript/safe/safe_reassigned.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-006", "file": "javascript/safe/safe_sanitized.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-007", "file": "javascript/safe/safe_type_check.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-008", "file": "javascript/safe/safe_validated.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-014", "file": "javascript/safe/safe_direct_path_sanitizer.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-015", "file": "javascript/safe/safe_null_path_sanitizer.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-016", "file": "javascript/safe/safe_cross_function_dotdot.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-parseInt-001", "file": "javascript/safe/safe_parseInt.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-realrepo-001", "file": "javascript/safe/safe_dom_globals_and_methods.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-safe-realrepo-002", "file": "javascript/safe/safe_happy_path_error_check.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-sqli-001", "file": "javascript/sqli/sqli_concat.js", "language": "javascript", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-sqli-002", "file": "javascript/sqli/sqli_template.js", "language": "javascript", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.code_exec.eval", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-ssrf-001", "file": "javascript/ssrf/ssrf_fetch.js", "language": "javascript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-ssrf-002", "file": "javascript/ssrf/ssrf_axios.js", "language": "javascript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-ssrf-003", "file": "javascript/ssrf/ssrf_http_get_chained.js", "language": "javascript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-ssrf-safe-001", "file": "javascript/ssrf/safe_ssrf_hardcoded.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-ssrf-safe-002", "file": "javascript/ssrf/safe_http_get_hardcoded_chained.js", "language": "javascript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "js-xss-001", "file": "javascript/xss/xss_reflected.js", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "js-xss-002", "file": "javascript/xss/xss_document_write.js", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.xss.document_write", "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.xss.document_write", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-xss-003", "file": "javascript/xss/xss_location.js", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.xss.location_assign", "taint-unsanitised-flow (source 4:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.xss.location_assign", "taint-unsanitised-flow (source 4:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-xss-cross-001", "file": "javascript/xss/cross_propagation/", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.xss.document_write", "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.xss.document_write", "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "js-xss-react-001", "file": "javascript/xss/xss_react_dangerously.js", "language": "javascript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-cmdi-001", "file": "php/cmdi/cmdi_direct.php", "language": "php", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.cmdi.system", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.cmdi.system", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-cmdi-002", "file": "php/cmdi/cmdi_indirect.php", "language": "php", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.cmdi.system", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.cmdi.system", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-code_injection-001", "file": "php/code_injection/code_injection.php", "language": "php", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.code_exec.eval", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.code_exec.eval", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-code_injection-002", "file": "php/code_injection/code_injection_assert.php", "language": "php", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-deser-001", "file": "php/deser/deser_unserialize.php", "language": "php", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 2:1)", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 2:1)", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "php-deser-002", "file": "php/deser/deser_unserialize_allowed_true.php", "language": "php", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 7:1)", "taint-unsanitised-flow (source 7:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.deser.unserialize", "taint-unsanitised-flow (source 7:1)", "taint-unsanitised-flow (source 7:1)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "php-interproc-001", "file": "php/interprocedural/interproc_taint_propagation.php", "language": "php", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-interproc-safe-001", "file": "php/interprocedural/interproc_sanitizer_wrap.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-isgranted-001", "file": "php/auth/safe_isgranted.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-isgranted-vuln-001", "file": "php/auth/vuln_no_isgranted.php", "language": "php", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 6:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-path_traversal-001", "file": "php/path_traversal/path_traversal.php", "language": "php", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-path_traversal-002", "file": "php/path_traversal/path_traversal_copy.php", "language": "php", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-path_traversal-003", "file": "php/path_traversal/path_traversal_concat.php", "language": "php", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "php.path.include_variable" ], "unexpected_rule_ids": [], "all_finding_ids": [ "php.path.include_variable" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-safe-001", "file": "php/safe/safe_constant.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-002", "file": "php/safe/safe_dominated.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-003", "file": "php/safe/safe_interprocedural.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-004", "file": "php/safe/safe_non_security_sink.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-005", "file": "php/safe/safe_reassigned.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-006", "file": "php/safe/safe_sanitized.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-007", "file": "php/safe/safe_type_check.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-008", "file": "php/safe/safe_validated.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-014", "file": "php/safe/safe_direct_path_sanitizer.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-015", "file": "php/safe/safe_nullable_path_sanitizer.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-016", "file": "php/safe/safe_cross_function_dotdot.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-017", "file": "php/safe/safe_unserialize_allowed_classes.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-018", "file": "php/safe/safe_include_param_passthrough.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-safe-filter-001", "file": "php/safe/safe_filter_input.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-sqli-001", "file": "php/sqli/sqli_concat.php", "language": "php", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-sqli-002", "file": "php/sqli/sqli_sprintf.php", "language": "php", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-sqli-pdo-001", "file": "php/sqli/sqli_pdo_raw.php", "language": "php", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "php-ssrf-001", "file": "php/ssrf/ssrf_curl.php", "language": "php", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)", "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)", "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "php-ssrf-safe-001", "file": "php/ssrf/safe_ssrf_hardcoded.php", "language": "php", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "php-xss-001", "file": "php/xss/xss_reflected.php", "language": "php", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:1)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-auth-decorator-001", "file": "python/safe/safe_login_required_decorator.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-decorator-vuln-001", "file": "python/auth/vuln_no_auth_decorator.py", "language": "python", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cfg-auth-gap" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cfg-auth-gap" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-001", "file": "python/safe/safe_django_migration_token.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-002", "file": "python/safe/safe_pytest_conftest_marker.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-003", "file": "python/safe/safe_celery_task_no_user_input.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-auth-realrepo-004", "file": "python/auth/vuln_token_override_django_handler.py", "language": "python", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.auth.token_override_without_validation" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.auth.token_override_without_validation" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-001", "file": "python/cmdi/cmdi_direct.py", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 5:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 5:11)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-002", "file": "python/cmdi/cmdi_indirect.py", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.subprocess_shell", "taint-unsanitised-flow (source 5:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.subprocess_shell", "taint-unsanitised-flow (source 5:12)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-cross-001", "file": "python/cmdi/cross_propagation/", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 4:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 4:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-cross-002", "file": "python/cmdi/cross_source/", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.subprocess_shell" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.subprocess_shell" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-cross-003", "file": "python/cmdi/cross_sanitizer/", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 4:1)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 4:1)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-cross-004", "file": "python/cmdi/cross_indirect_sink/", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:5)", "py.cmdi.os_system" ], "unexpected_rule_ids": [ "cfg-unguarded-sink" ], "all_finding_ids": [ "taint-unsanitised-flow (source 6:5)", "cfg-unguarded-sink", "py.cmdi.os_system" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "py-cmdi-popen-001", "file": "python/cmdi/cmdi_popen_shell.py", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 5:11)" ], "unexpected_rule_ids": [ "py.cmdi.subprocess_shell" ], "all_finding_ids": [ "py.cmdi.subprocess_shell", "state-resource-leak", "taint-unsanitised-flow (source 5:11)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "py-code_injection-001", "file": "python/code_injection/code_injection.py", "language": "python", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.code_exec.eval", "taint-unsanitised-flow (source 4:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.code_exec.eval", "taint-unsanitised-flow (source 4:12)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-code_injection-002", "file": "python/code_injection/code_injection_exec.py", "language": "python", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.code_exec.exec", "taint-unsanitised-flow (source 4:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.code_exec.exec", "taint-unsanitised-flow (source 4:12)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-context-sanitize-001", "file": "python/safe/safe_with_context_sanitize.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-deser-001", "file": "python/deser/deser_pickle.py", "language": "python", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "py.deser.pickle_loads", "taint-unsanitised-flow (source 5:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "py.deser.pickle_loads", "taint-unsanitised-flow (source 5:12)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-interproc-001", "file": "python/interprocedural/interproc_taint_propagation.py", "language": "python", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:9)" ], "unexpected_rule_ids": [ "py.cmdi.os_system" ], "all_finding_ids": [ "py.cmdi.os_system", "taint-unsanitised-flow (source 8:9)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "py-interproc-safe-001", "file": "python/interprocedural/interproc_sanitizer_wrap.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-path_traversal-001", "file": "python/path_traversal/path_traversal.py", "language": "python", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:12)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-pathprune-safe-001", "file": "python/path_pruning/safe_early_return.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-001", "file": "python/safe/safe_constant.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-002", "file": "python/safe/safe_dominated.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-003", "file": "python/safe/safe_interprocedural.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-004", "file": "python/safe/safe_non_security_sink.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-005", "file": "python/safe/safe_reassigned.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-006", "file": "python/safe/safe_sanitized.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-007", "file": "python/safe/safe_type_check.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-008", "file": "python/safe/safe_validated.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-014", "file": "python/safe/safe_direct_path_sanitizer.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-015", "file": "python/safe/safe_optional_path_sanitizer.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-016", "file": "python/safe/safe_cross_function_dotdot.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-safe-int-001", "file": "python/safe/safe_int_cast.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-sqli-001", "file": "python/sqli/sqli_concat.py", "language": "python", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "taint-unsanitised-flow (source 5:15)" ], "unexpected_rule_ids": [ "cfg-resource-leak", "py.sqli.execute_format" ], "all_finding_ids": [ "state-resource-leak", "cfg-resource-leak", "py.sqli.execute_format", "taint-unsanitised-flow (source 5:15)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "py-sqli-002", "file": "python/sqli/sqli_format.py", "language": "python", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "state-resource-leak", "py.sqli.execute_format", "taint-unsanitised-flow (source 5:15)" ], "unexpected_rule_ids": [ "cfg-resource-leak" ], "all_finding_ids": [ "state-resource-leak", "cfg-resource-leak", "py.sqli.execute_format", "taint-unsanitised-flow (source 5:15)" ], "security_finding_count": 4, "non_security_finding_count": 0 }, { "case_id": "py-ssrf-001", "file": "python/ssrf/ssrf_requests.py", "language": "python", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:11)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-ssrf-002", "file": "python/ssrf/ssrf_httpx_post.py", "language": "python", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:11)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:11)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-ssrf-safe-001", "file": "python/ssrf/safe_ssrf_constant.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-validator-sentinel-001", "file": "python/safe/safe_validator_sentinel.py", "language": "python", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "py-validator-sentinel-vuln-001", "file": "python/sqli/vuln_validator_sentinel_bypass.py", "language": "python", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 17:11)" ], "unexpected_rule_ids": [ "state-resource-leak", "py.sqli.execute_format" ], "all_finding_ids": [ "state-resource-leak", "py.sqli.execute_format", "taint-unsanitised-flow (source 17:11)" ], "security_finding_count": 3, "non_security_finding_count": 0 }, { "case_id": "py-xss-001", "file": "python/xss/xss_reflected.py", "language": "python", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:12)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "py-xss-002", "file": "python/xss/xss_template_string.py", "language": "python", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:12)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:12)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rb-interproc-001", "file": "ruby/interprocedural/interproc_taint_propagation.rb", "language": "ruby", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rb-interproc-safe-001", "file": "ruby/interprocedural/interproc_sanitizer_wrap.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rb-safe-014", "file": "ruby/safe/safe_direct_path_sanitizer.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rb-safe-015", "file": "ruby/safe/safe_nil_path_sanitizer.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rb-safe-016", "file": "ruby/safe/safe_cross_function_dotdot.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-001", "file": "rust/auth/actix_scoped_write_missing.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-002", "file": "rust/auth/true_positive_missing_check.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-003", "file": "rust/auth/row_ownership_no_early_exit.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-101", "file": "rust/auth/hashmap_local_noise.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-102", "file": "rust/auth/helper_scoped_params.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-103", "file": "rust/auth/row_ownership_equality.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-104", "file": "rust/auth/self_scoped_user.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-105", "file": "rust/auth/db_connection_type_inferred.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-auth-106", "file": "rust/auth/sql_join_acl.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-107", "file": "rust/auth/transitive_helper.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-108", "file": "rust/auth/row_fetch_then_authorize.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo", "rs.quality.todo" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-auth-109", "file": "rust/auth/predicate_role_check.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-auth-110", "file": "rust/auth/unsafe_row_fetch_no_authz.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rs.auth.missing_ownership_check", "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo", "rs.quality.todo", "rs.auth.missing_ownership_check", "rs.auth.missing_ownership_check" ], "security_finding_count": 2, "non_security_finding_count": 2 }, { "case_id": "rs-auth-dto-int-field-001", "file": "rust/auth/safe_dto_int_field_axum.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-dto-string-field-001", "file": "rust/auth/unsafe_dto_string_field_axum.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-001", "file": "rust/auth/self_actor_uid_copy.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-002", "file": "rust/auth/require_resource_role_helper.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-003", "file": "rust/auth/self_publish_email.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-006", "file": "rust/auth/safe_row_population_reverse_walk.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo", "rs.quality.todo" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-auth-realrepo-007", "file": "rust/auth/safe_row_fetch_multiline_let.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-auth-realrepo-008", "file": "rust/auth/unsafe_row_population_no_check.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rs.auth.missing_ownership_check", "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.todo", "rs.auth.missing_ownership_check", "rs.auth.missing_ownership_check" ], "security_finding_count": 2, "non_security_finding_count": 1 }, { "case_id": "rs-auth-realrepo-009", "file": "rust/auth/safe_local_user_view_extractor.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-auth-realrepo-010", "file": "rust/auth/unsafe_local_user_view_extractor.rs", "language": "rust", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "rs.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "rs-auth-typed-extractors-001", "file": "rust/auth/safe_typed_path_int_extractor.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-cmdi-001", "file": "rust/cmdi/cmdi_command.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:15)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-002", "file": "rust/cmdi/cmdi_command_output.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-003", "file": "rust/cmdi/cmdi_indirect.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "FN", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:17)" ], "unexpected_rule_ids": [ "cfg-unguarded-sink" ], "all_finding_ids": [ "cfg-unguarded-sink", "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 9:17)" ], "security_finding_count": 2, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-004", "file": "rust/cmdi/cmdi_args.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:20)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:20)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-005", "file": "rust/cmdi/cmdi_format_macro.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-006", "file": "rust/cmdi/cmdi_match_source.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:22)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 5:22)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-cmdi-007", "file": "rust/cmdi/cmdi_string_concat.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-008", "file": "rust/cmdi/cmdi_static_map_dangerous.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 6:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 6:15)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-cmdi-009", "file": "rust/cmdi/cmdi_indirect_multisink.rs", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "FN", "matched_rule_ids": [ "taint-unsanitised-flow (source 11:13)" ], "unexpected_rule_ids": [ "cfg-unguarded-sink", "cfg-unguarded-sink" ], "all_finding_ids": [ "cfg-unguarded-sink", "rs.quality.unwrap", "cfg-unguarded-sink", "rs.quality.unwrap", "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 11:13)" ], "security_finding_count": 3, "non_security_finding_count": 4 }, { "case_id": "rs-cmdi-cross-001", "file": "rust/cmdi/cross_propagation/", "language": "rust", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:17)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 7:17)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-deser-001", "file": "rust/deser/deser_serde_yaml.rs", "language": "rust", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 8:15)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-001", "file": "rust/path_traversal/path_read.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-002", "file": "rust/path_traversal/path_write.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-003", "file": "rust/path_traversal/path_file_open.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-004", "file": "rust/path_traversal/path_file_create.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-005", "file": "rust/path_traversal/path_remove.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:16)" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "rs-path-006", "file": "rust/traversal/traversal_no_sanitizer.rs", "language": "rust", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 10:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 10:15)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-safe-001", "file": "rust/safe/safe_constant.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-safe-002", "file": "rust/safe/safe_sanitized_shell.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-003", "file": "rust/safe/safe_reassigned.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-004", "file": "rust/safe/safe_validated.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.panic_macro", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 3 }, { "case_id": "rs-safe-005", "file": "rust/safe/safe_hardcoded_url.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "rs-safe-006", "file": "rust/safe/safe_type_check.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.expect", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 3 }, { "case_id": "rs-safe-007", "file": "rust/safe/safe_interprocedural.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-008", "file": "rust/safe/safe_dominated.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-009", "file": "rust/safe/safe_shell_metachar.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-009", "file": "rust/safe/safe_match_guard.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-010", "file": "rust/safe/safe_static_map_lookup.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-safe-011", "file": "rust/safe/safe_parsed_port.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.expect", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 3 }, { "case_id": "rs-safe-012", "file": "rust/safe/safe_path_contains_dotdot.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-safe-014", "file": "rust/safe/safe_option_sanitizer.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-safe-015", "file": "rust/safe/safe_path_is_absolute.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-safe-016", "file": "rust/safe/safe_cross_function_dotdot.rs", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 1 }, { "case_id": "rs-safe-cross-001", "file": "rust/cmdi/cross_sanitizer/", "language": "rust", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap" ], "security_finding_count": 0, "non_security_finding_count": 2 }, { "case_id": "rs-sqli-001", "file": "rust/sqli/sqli_rusqlite_format.rs", "language": "rust", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:19)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:19)" ], "security_finding_count": 1, "non_security_finding_count": 3 }, { "case_id": "rs-sqli-002", "file": "rust/sqli/sqli_metachar_gate_wrong_sink.rs", "language": "rust", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:19)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "rs.quality.unwrap", "rs.quality.unwrap", "taint-unsanitised-flow (source 5:19)" ], "security_finding_count": 1, "non_security_finding_count": 3 }, { "case_id": "rs-ssrf-001", "file": "rust/ssrf/ssrf_reqwest.rs", "language": "rust", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 4:15)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-ssrf-002", "file": "rust/ssrf/ssrf_indirect.rs", "language": "rust", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "FN", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:18)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 8:18)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-ssrf-003", "file": "rust/ssrf/ssrf_client_builder.rs", "language": "rust", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:15)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rs.quality.unwrap", "taint-unsanitised-flow (source 4:15)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "rs-xss-001", "file": "rust/xss/axum_html/", "language": "rust", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 3:16)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 3:16)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-auth-missing-post-fetch-001", "file": "ruby/auth/auth_missing_post_fetch_check.rb", "language": "ruby", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-before-action-001", "file": "ruby/auth/safe_before_action.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-cmdi-001", "file": "ruby/cmdi/cmdi_system.rb", "language": "ruby", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.cmdi.system_interp", "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.cmdi.system_interp", "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ruby-cmdi-002", "file": "ruby/cmdi/cmdi_backtick.rb", "language": "ruby", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.cmdi.backtick", "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.cmdi.backtick", "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ruby-cmdi-003", "file": "ruby/cmdi/cmdi_kernel_open.rb", "language": "ruby", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 10:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 10:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-code_injection-001", "file": "ruby/code_injection/code_injection_eval.rb", "language": "ruby", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.code_exec.eval", "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.code_exec.eval", "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ruby-deser-001", "file": "ruby/deser/deser_marshal.rb", "language": "ruby", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.deser.marshal_load", "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.deser.marshal_load", "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ruby-deser-002", "file": "ruby/deser/deser_yaml.rb", "language": "ruby", "vuln_class": "deser", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "rb.deser.yaml_load", "taint-unsanitised-flow (source 4:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "rb.deser.yaml_load", "taint-unsanitised-flow (source 4:3)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ruby-path_traversal-001", "file": "ruby/path_traversal/path_traversal_send_file.rb", "language": "ruby", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-001", "file": "ruby/safe/safe_constant.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-002", "file": "ruby/safe/safe_dominated.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-003", "file": "ruby/safe/safe_interprocedural.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-004", "file": "ruby/safe/safe_non_security_sink.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-005", "file": "ruby/safe/safe_reassigned.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-006", "file": "ruby/safe/safe_sanitized.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-007", "file": "ruby/safe/safe_type_check.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-008", "file": "ruby/safe/safe_validated.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-009", "file": "ruby/safe/safe_kernel_open_file_namespaced.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-ar-query-shapes-001", "file": "ruby/safe/safe_active_record_query_shapes.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-post-fetch-ownership-001", "file": "ruby/safe/safe_post_fetch_ownership_check.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-safe-strong-params-001", "file": "ruby/safe/safe_strong_params.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-sqli-001", "file": "ruby/sqli/sqli_find_by_sql.rb", "language": "ruby", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-sqli-002", "file": "ruby/sqli/sqli_execute.rb", "language": "ruby", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-sqli-where-chained-interp-001", "file": "ruby/sqli/sqli_where_chained_interpolation.rb", "language": "ruby", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-sqli-where-string-interp-001", "file": "ruby/sqli/sqli_where_string_interpolation.rb", "language": "ruby", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-ssrf-001", "file": "ruby/ssrf/ssrf_httparty.rb", "language": "ruby", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-ssrf-002", "file": "ruby/ssrf/ssrf_net_http.rb", "language": "ruby", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 4:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 4:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-ssrf-safe-001", "file": "ruby/ssrf/safe_ssrf_hardcoded.rb", "language": "ruby", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ruby-xss-001", "file": "ruby/xss/xss_html_safe.rb", "language": "ruby", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ruby-xss-002", "file": "ruby/xss/xss_raw.rb", "language": "ruby", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 2:3)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 2:3)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-auth-realrepo-001", "file": "typescript/auth/safe_session_user_id_copy.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-auth-realrepo-002", "file": "typescript/auth/vuln_target_user_id_no_check.ts", "language": "typescript", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "js.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.quality.any_annotation", "ts.quality.any_annotation", "js.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 2 }, { "case_id": "ts-auth-realrepo-003", "file": "typescript/auth/safe_destructured_session_user.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-auth-realrepo-004", "file": "typescript/auth/safe_trpc_ctx_user_options.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-auth-realrepo-005", "file": "typescript/auth/vuln_trpc_ctx_input_id_no_check.ts", "language": "typescript", "vuln_class": "auth", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": null, "matched_rule_ids": [ "js.auth.missing_ownership_check" ], "unexpected_rule_ids": [], "all_finding_ids": [ "js.auth.missing_ownership_check" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-cmdi-001", "file": "typescript/cmdi/cmdi_exec_template.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-cmdi-002", "file": "typescript/cmdi/cmdi_async_wrapper.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:5)", "taint-unsanitised-flow (source 9:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:5)", "taint-unsanitised-flow (source 9:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-code_injection-001", "file": "typescript/code_injection/code_exec_eval.ts", "language": "typescript", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)", "ts.code_exec.eval" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)", "ts.code_exec.eval" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-code_injection-002", "file": "typescript/code_injection/code_exec_new_function.ts", "language": "typescript", "vuln_class": "code_injection", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.code_exec.new_function", "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.code_exec.new_function", "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-crypto-001", "file": "typescript/crypto/weak_hash_md5.ts", "language": "typescript", "vuln_class": "crypto", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.crypto.weak_hash_import" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.crypto.weak_hash_import" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-iife-closure-001", "file": "typescript/safe/safe_iife_closure_sanitizer.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-iife-closure-vuln-001", "file": "typescript/xss/vuln_iife_closure_no_sanitizer.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 15:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 15:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-insecure_config-001", "file": "typescript/insecure_config/reject_unauthorized.ts", "language": "typescript", "vuln_class": "insecure_config", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.config.reject_unauthorized" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.config.reject_unauthorized" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-insecure_config-002", "file": "typescript/insecure_config/cookie_httponly.ts", "language": "typescript", "vuln_class": "insecure_config", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.config.insecure_session_httponly" ], "unexpected_rule_ids": [ "ts.secrets.hardcoded_secret" ], "all_finding_ids": [ "ts.secrets.hardcoded_secret", "ts.config.insecure_session_httponly" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-interproc-001", "file": "typescript/interprocedural/interproc_class_method.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 14:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 14:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-open_redirect-001", "file": "typescript/open_redirect/location_href.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)", "ts.xss.location_assign" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)", "ts.xss.location_assign" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-path_traversal-001", "file": "typescript/path_traversal/path_traversal_sendfile.ts", "language": "typescript", "vuln_class": "path_traversal", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-prototype-001", "file": "typescript/prototype/proto_assignment.ts", "language": "typescript", "vuln_class": "prototype", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.prototype.proto_assignment" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.prototype.proto_assignment", "ts.quality.as_any" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "ts-safe-001", "file": "typescript/safe/safe_dompurify.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-002", "file": "typescript/safe/safe_number_coerce.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-003", "file": "typescript/safe/safe_encode_uri.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-004", "file": "typescript/safe/safe_hardcoded_url.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-005", "file": "typescript/safe/safe_validator_escape.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-006", "file": "typescript/safe/safe_typeof_guard.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-007", "file": "typescript/safe/safe_interproc_sanitizer.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-008", "file": "typescript/safe/safe_constant_query.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-009", "file": "typescript/safe/safe_parameterized.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-010", "file": "typescript/safe/safe_jsx_text.tsx", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-014", "file": "typescript/safe/safe_direct_path_sanitizer.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-015", "file": "typescript/safe/safe_null_path_sanitizer.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-safe-016", "file": "typescript/safe/safe_cross_function_dotdot.ts", "language": "typescript", "vuln_class": "safe", "is_vulnerable": false, "outcome_file_level": "TN", "outcome_rule_level": "TN", "outcome_location_level": null, "matched_rule_ids": [], "unexpected_rule_ids": [], "all_finding_ids": [], "security_finding_count": 0, "non_security_finding_count": 0 }, { "case_id": "ts-secrets-001", "file": "typescript/secrets/fallback_secret.ts", "language": "typescript", "vuln_class": "secrets", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "ts.secrets.fallback_secret" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.secrets.fallback_secret" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-sqli-001", "file": "typescript/sqli/sqli_template_literal.ts", "language": "typescript", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-sqli-002", "file": "typescript/sqli/sqli_prisma_raw.ts", "language": "typescript", "vuln_class": "sqli", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:5)", "taint-unsanitised-flow (source 8:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:5)", "taint-unsanitised-flow (source 8:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-ssrf-001", "file": "typescript/ssrf/ssrf_axios_user_url.ts", "language": "typescript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-ssrf-002", "file": "typescript/ssrf/ssrf_fastify_fetch.ts", "language": "typescript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 8:5)", "taint-unsanitised-flow (source 7:52)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 8:5)", "taint-unsanitised-flow (source 7:52)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-ssrf-003", "file": "typescript/ssrf/ssrf_encoded_host.ts", "language": "typescript", "vuln_class": "ssrf", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-type_system-001", "file": "typescript/type_system/discriminated_union_narrow.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "cfg-unguarded-sink" ], "unexpected_rule_ids": [], "all_finding_ids": [ "cfg-unguarded-sink" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-type_system-002", "file": "typescript/type_system/interface_dispatch.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 18:5)" ], "unexpected_rule_ids": [ "cfg-unguarded-sink" ], "all_finding_ids": [ "cfg-unguarded-sink", "taint-unsanitised-flow (source 18:5)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-type_system-003", "file": "typescript/type_system/decorator_passthrough.ts", "language": "typescript", "vuln_class": "cmdi", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 14:5)", "taint-unsanitised-flow (source 22:13)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 14:5)", "taint-unsanitised-flow (source 22:13)" ], "security_finding_count": 2, "non_security_finding_count": 0 }, { "case_id": "ts-xss-001", "file": "typescript/xss/xss_typed_innerhtml.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-xss-002", "file": "typescript/xss/xss_as_any_cast.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "ts.quality.as_any", "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 1 }, { "case_id": "ts-xss-003", "file": "typescript/xss/xss_generic_identity.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 9:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 9:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-xss-004", "file": "typescript/xss/xss_optional_chain_source.ts", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 5:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 5:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 }, { "case_id": "ts-xss-005", "file": "typescript/xss/xss_dangerously_set_inner_html.tsx", "language": "typescript", "vuln_class": "xss", "is_vulnerable": true, "outcome_file_level": "TP", "outcome_rule_level": "TP", "outcome_location_level": "TP", "matched_rule_ids": [ "taint-unsanitised-flow (source 7:5)" ], "unexpected_rule_ids": [], "all_finding_ids": [ "taint-unsanitised-flow (source 7:5)" ], "security_finding_count": 1, "non_security_finding_count": 0 } ], "aggregate_file_level": { "tp": 215, "fp": 2, "fn_": 1, "tn": 214, "precision": 0.9907834101382489, "recall": 0.9953703703703703, "f1": 0.9930715935334872 }, "aggregate_rule_level": { "tp": 215, "fp": 2, "fn_": 1, "tn": 214, "precision": 0.9907834101382489, "recall": 0.9953703703703703, "f1": 0.9930715935334872 }, "by_language": { "c": { "tp": 15, "fp": 0, "fn_": 0, "tn": 15, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "cpp": { "tp": 18, "fp": 0, "fn_": 0, "tn": 15, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "go": { "tp": 24, "fp": 2, "fn_": 1, "tn": 26, "precision": 0.9230769230769231, "recall": 0.96, "f1": 0.9411764705882353 }, "java": { "tp": 17, "fp": 0, "fn_": 0, "tn": 18, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "javascript": { "tp": 19, "fp": 0, "fn_": 0, "tn": 23, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "php": { "tp": 18, "fp": 0, "fn_": 0, "tn": 19, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "python": { "tp": 23, "fp": 0, "fn_": 0, "tn": 23, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "ruby": { "tp": 19, "fp": 0, "fn_": 0, "tn": 20, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "rust": { "tp": 33, "fp": 0, "fn_": 0, "tn": 37, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "typescript": { "tp": 29, "fp": 0, "fn_": 0, "tn": 18, "precision": 1.0, "recall": 1.0, "f1": 1.0 } }, "by_vuln_class": { "auth": { "tp": 13, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "buffer_overflow": { "tp": 6, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "cmdi": { "tp": 57, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "code_exec": { "tp": 2, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "code_injection": { "tp": 10, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "crypto": { "tp": 1, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "deser": { "tp": 8, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "deserialization": { "tp": 4, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "fmt_string": { "tp": 5, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "insecure_config": { "tp": 2, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "memory_safety": { "tp": 3, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "path_traversal": { "tp": 25, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "prototype": { "tp": 1, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "safe": { "tp": 0, "fp": 2, "fn_": 0, "tn": 214, "precision": 0.0, "recall": 1.0, "f1": 0.0 }, "secrets": { "tp": 1, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "sqli": { "tp": 29, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 }, "ssrf": { "tp": 25, "fp": 0, "fn_": 1, "tn": 0, "precision": 1.0, "recall": 0.9615384615384616, "f1": 0.9803921568627451 }, "xss": { "tp": 23, "fp": 0, "fn_": 0, "tn": 0, "precision": 1.0, "recall": 1.0, "f1": 1.0 } }, "by_confidence": { ">=High": { "tp": 89, "fp": 90, "fn_": 127, "tn": 126, "precision": 0.4972067039106145, "recall": 0.41203703703703703, "f1": 0.4506329113924051 }, ">=Low": { "tp": 94, "fp": 102, "fn_": 122, "tn": 114, "precision": 0.47959183673469385, "recall": 0.4351851851851852, "f1": 0.4563106796116505 }, ">=Medium": { "tp": 94, "fp": 102, "fn_": 122, "tn": 114, "precision": 0.47959183673469385, "recall": 0.4351851851851852, "f1": 0.4563106796116505 } } }