mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-12 19:55:14 +02:00
82f18184b1
* feat: Add const_bound_vars tracking to prevent false positives in ownership checks
* feat: Introduce field interner and typed bounded vars for enhanced type tracking
* feat: Add typed_call_receivers and typed_bounded_dto_fields for enhanced type tracking
* feat: Centralize method name extraction with bare_method_name helper
* feat: Implement Phase-6 hierarchy fan-out for runtime virtual dispatch
* feat: Enhance C++ taint tracking with additional container operations and inline method resolution
* feat: Introduce field-sensitive points-to analysis for enhanced resource tracking
* feat: Implement Pointer-Phase 6 subscript handling for enhanced container analysis
* test: Add comprehensive tests for JavaScript control flow constructs and lattice operations
* docs: Update advanced analysis documentation with field-sensitive points-to and hierarchy fan-out details
* test: Add comprehensive tests for lattice algebra laws and SSA edge cases
* feat: Add destructured session user handling and safe user ID access patterns
* feat: Implement row-population reverse-walk for enhanced authorization checks
* feat: Enhance authorization checks with local alias chain for self-actor types
* feat: Introduce ActiveRecord query safety checks and enhance snippet extraction
* feat: Implement chained method call inner-gate rebinding for SSRF prevention
* feat: Add observability and error modules, enhance debug functionality, and implement theme context
* feat: Remove Auth Analysis page and update navigation to redirect to Explorer
* feat: Optimize SSA lowering by sharing results between taint engine and artifact extractor
* feat: Optimize SSA lowering by sharing results between taint engine and artifact extractor
* feat: Reset path-safe-suppressed spans before lowering to maintain analysis integrity
* fix(ssa): ungate debug_assert_bfs_ordering for release-tests build
The helper at src/ssa/lower.rs was gated `#[cfg(debug_assertions)]` while
the unit test at the bottom of the file was gated only `#[cfg(test)]`.
Since `cfg(test)` is set in release builds with `--tests` but
`cfg(debug_assertions)` is not, `cargo build --release --tests` failed
with E0425. Removing the gate fixes the build; the body is `debug_assert!`
only, so the helper is free in release. Also drop the gate at the call
site to avoid a `dead_code` warning when the lib is built without
`--tests`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* test(closure-capture): flip JS/TS fixtures to required-finding
The JS and TS closure-capture fixtures pinned the old broken behaviour
via `forbidden_findings: [{ "id_prefix": "taint-" }]`. The engine now
correctly traces taint through the closure boundary (env source captured
by an arrow function, sunk via `child_process.exec` inside the body), so
the formerly-forbidden finding is a true positive.
Match the Python sibling's shape — `required_findings` with
`id_prefix` + `min_count` plus a small `noise_budget` — and rewrite the
companion READMEs and the phase8_fragility_tests doc-comments from
"known gap" to "regression guard".
Verified:
- cargo test --release --test phase8_fragility_tests → 8/8 pass
- cargo test --release --lib bfs_assertion → pass
- corpus benchmark F1 = 0.9976 (TP=205, FP=1, FN=0) — unchanged
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: Add OWASP mapping and baseline mutation hooks for enhanced security analysis
* feat: Introduce health module and enhance health score computation with calibration tests
* feat: Add expectations configuration and cleanup .gitignore for log files
* feat: Implement theme selection and enhance settings panel for triage sync
* feat: Suppress false positives for strcpy calls with literal sources in AST
* feat: Update analyse_function_ssa to return body CFG for accurate analysis
* feat: Add bug report and feature request templates for improved issue tracking
* feat: removed dev scripts
* feat: update README.md for clarity and consistency in fixture descriptions
* feat: removed dev docs
* feat: clean up error handling and UI elements for improved user experience
* feat: adjust button sizes in HeaderBar for better UI consistency
* feat: enhance taint analysis with additional context for sanitizer and taint findings
* cargo fmt
* prettier
* refactor: simplify conditional checks and improve code readability in AST and screenshot capture scripts
* feat: add script to frame PNG screenshots with brand gradient
* feat: add fuzzing support with new targets and CI workflows
* refactor: streamline match expressions and improve formatting in CLI and output handling
* feat: enhance configuration display with detailed output options
* feat: stage demo configuration for improved CLI screenshot output
* feat: expose merge_configs function for user-configurable settings
* refactor: simplify code structure and improve readability in config handling
* refactor: improve descriptions for vulnerability patterns in various languages
* feat: update MIT License section with additional usage details and copyright information
* feat: update screenshots
* refactor: update build process and paths for frontend assets
* feat: add cross-file taint fuzzing target and supporting dictionary
* refactor: clean up formatting and comments in fuzz configuration and example files
* refactor: remove outdated comments and clean up CI configuration files
* chore: update changelog dates and improve formatting in documentation
* refactor: update Cargo.toml and CI configuration for improved packaging and build process
* refactor: enhance quote-stripping logic to prevent panics and add regression tests
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
8078 lines
No EOL
233 KiB
JSON
8078 lines
No EOL
233 KiB
JSON
{
|
|
"benchmark_version": "1.0",
|
|
"timestamp": "2026-04-29T03:43:28Z",
|
|
"scanner_version": "0.5.0",
|
|
"scanner_config": {
|
|
"analysis_mode": "Full",
|
|
"taint_enabled": true,
|
|
"ast_patterns_enabled": true,
|
|
"state_analysis_enabled": true,
|
|
"worker_threads": 1
|
|
},
|
|
"ground_truth_hash": "sha256:3e034f1fc5c7bb7838f1fb2c63de5ca5a36aacfdf5d66cf25f30bff99f25f1cf",
|
|
"corpus_size": 433,
|
|
"cases_run": 432,
|
|
"cases_skipped": 1,
|
|
"outcomes": [
|
|
{
|
|
"case_id": "c-buf-001",
|
|
"file": "c/buffer_overflow/buffer_sprintf.c",
|
|
"language": "c",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"c.memory.sprintf"
|
|
],
|
|
"all_finding_ids": [
|
|
"c.memory.sprintf",
|
|
"taint-unsanitised-flow (source 6:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-buf-002",
|
|
"file": "c/buffer_overflow/buffer_strcpy.c",
|
|
"language": "c",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"c.memory.strcpy"
|
|
],
|
|
"all_finding_ids": [
|
|
"c.memory.strcpy",
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-buf-003",
|
|
"file": "c/buffer_overflow/buffer_strcat.c",
|
|
"language": "c",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"c.memory.strcat"
|
|
],
|
|
"all_finding_ids": [
|
|
"c.memory.strcat",
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-buf-005",
|
|
"file": "c/buffer_overflow/buffer_strcpy_user_arg.c",
|
|
"language": "c",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.memory.strcpy"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.memory.strcpy"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-cmdi-001",
|
|
"file": "c/cmdi/cmdi_system.c",
|
|
"language": "c",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.cmdi.system",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.cmdi.system",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-cmdi-002",
|
|
"file": "c/cmdi/cmdi_popen.c",
|
|
"language": "c",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.cmdi.popen",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.cmdi.popen",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-cmdi-003",
|
|
"file": "c/cmdi/cmdi_exec.c",
|
|
"language": "c",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-cmdi-004",
|
|
"file": "c/cmdi/cmdi_fgets.c",
|
|
"language": "c",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.cmdi.system",
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.cmdi.system",
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-fmt-001",
|
|
"file": "c/fmt_string/fmt_printf.c",
|
|
"language": "c",
|
|
"vuln_class": "fmt_string",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"c.memory.printf_no_fmt"
|
|
],
|
|
"all_finding_ids": [
|
|
"c.memory.printf_no_fmt",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-fmt-002",
|
|
"file": "c/fmt_string/fmt_fprintf.c",
|
|
"language": "c",
|
|
"vuln_class": "fmt_string",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-path-001",
|
|
"file": "c/path_traversal/path_traversal_fopen.c",
|
|
"language": "c",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-path-002",
|
|
"file": "c/path_traversal/path_traversal_open.c",
|
|
"language": "c",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-001",
|
|
"file": "c/safe/safe_constant.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-002",
|
|
"file": "c/safe/safe_sanitized_snprintf.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-003",
|
|
"file": "c/safe/safe_atoi.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-004",
|
|
"file": "c/safe/safe_reassigned.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-005",
|
|
"file": "c/safe/safe_strncpy.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-006",
|
|
"file": "c/safe/safe_validated.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-007",
|
|
"file": "c/safe/safe_strtol.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-008",
|
|
"file": "c/safe/safe_sanitize_func.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-014",
|
|
"file": "c/safe/safe_direct_path_sanitizer.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-015",
|
|
"file": "c/safe/safe_status_code_sanitizer.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-016",
|
|
"file": "c/safe/safe_cross_function_dotdot.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-017",
|
|
"file": "c/safe/safe_strcpy_literal_src.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-018",
|
|
"file": "c/safe/safe_sprintf_bounded_format.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-ssrf-001",
|
|
"file": "c/ssrf/ssrf_curl.c",
|
|
"language": "c",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-buf-001",
|
|
"file": "cpp/buffer_overflow/buffer_sprintf.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cpp.memory.sprintf"
|
|
],
|
|
"all_finding_ids": [
|
|
"cpp.memory.sprintf",
|
|
"taint-unsanitised-flow (source 6:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-buf-002",
|
|
"file": "cpp/buffer_overflow/buffer_strcpy.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cpp.memory.strcpy"
|
|
],
|
|
"all_finding_ids": [
|
|
"cpp.memory.strcpy",
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-001",
|
|
"file": "cpp/cmdi/cmdi_system.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cpp.cmdi.system",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cpp.cmdi.system",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-002",
|
|
"file": "cpp/cmdi/cmdi_popen.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cpp.cmdi.popen",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cpp.cmdi.popen",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-003",
|
|
"file": "cpp/cmdi/cmdi_getline.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cpp.cmdi.system",
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cpp.cmdi.system",
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-004",
|
|
"file": "cpp/cmdi/cmdi_exec.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-005",
|
|
"file": "cpp/cmdi/cmdi_stl_vector_string.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 16:23)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 16:23)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-006",
|
|
"file": "cpp/cmdi/cmdi_lambda_passthrough.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 14:19)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 14:19)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-007",
|
|
"file": "cpp/cmdi/cmdi_class_inline_method.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 25:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink",
|
|
"taint-unsanitised-flow (source 25:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-fmt-001",
|
|
"file": "cpp/fmt_string/fmt_printf.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "fmt_string",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cpp.memory.printf_no_fmt"
|
|
],
|
|
"all_finding_ids": [
|
|
"cpp.memory.printf_no_fmt",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-fmt-002",
|
|
"file": "cpp/fmt_string/fmt_fprintf.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "fmt_string",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-path-001",
|
|
"file": "cpp/path_traversal/path_traversal_fopen.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-path-002",
|
|
"file": "cpp/path_traversal/path_traversal_open.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-001",
|
|
"file": "cpp/safe/safe_constant.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-002",
|
|
"file": "cpp/safe/safe_snprintf.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-003",
|
|
"file": "cpp/safe/safe_stoi.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-004",
|
|
"file": "cpp/safe/safe_reassigned.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-005",
|
|
"file": "cpp/safe/safe_strncpy.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-006",
|
|
"file": "cpp/safe/safe_validated.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-007",
|
|
"file": "cpp/safe/safe_sanitize_func.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-008",
|
|
"file": "cpp/safe/safe_strtol.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-014",
|
|
"file": "cpp/safe/safe_direct_path_sanitizer.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-015",
|
|
"file": "cpp/safe/safe_optional_path_sanitizer.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-016",
|
|
"file": "cpp/safe/safe_cross_function_dotdot.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-017",
|
|
"file": "cpp/safe/safe_stl_vector_int.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-018",
|
|
"file": "cpp/safe/safe_builder_const_host.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-ssrf-001",
|
|
"file": "cpp/ssrf/ssrf_curl.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-ssrf-002",
|
|
"file": "cpp/ssrf/ssrf_connect.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 10:21)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 10:21)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-ssrf-003",
|
|
"file": "cpp/ssrf/ssrf_builder_user_host.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 23:23)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 23:23)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-c-2016-3714-patched",
|
|
"file": "cve_corpus/c/CVE-2016-3714/patched.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-c-2016-3714-vulnerable",
|
|
"file": "cve_corpus/c/CVE-2016-3714/vulnerable.c",
|
|
"language": "c",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.cmdi.system"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.cmdi.system"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-c-2019-18634-patched",
|
|
"file": "cve_corpus/c/CVE-2019-18634/patched.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-c-2019-18634-vulnerable",
|
|
"file": "cve_corpus/c/CVE-2019-18634/vulnerable.c",
|
|
"language": "c",
|
|
"vuln_class": "memory_safety",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.memory.strcpy"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.memory.strcpy"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-cpp-2019-13132-patched",
|
|
"file": "cve_corpus/cpp/CVE-2019-13132/patched.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-cpp-2019-13132-vulnerable",
|
|
"file": "cve_corpus/cpp/CVE-2019-13132/vulnerable.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "memory_safety",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cpp.memory.strcpy"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cpp.memory.strcpy"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-cpp-2022-1941-patched",
|
|
"file": "cve_corpus/cpp/CVE-2022-1941/patched.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-cpp-2022-1941-vulnerable",
|
|
"file": "cve_corpus/cpp/CVE-2022-1941/vulnerable.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "memory_safety",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cpp.memory.strcpy"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cpp.memory.strcpy"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2022-30323-patched",
|
|
"file": "cve_corpus/go/CVE-2022-30323/patched.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2022-30323-vulnerable",
|
|
"file": "cve_corpus/go/CVE-2022-30323/vulnerable.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"taint-unsanitised-flow (source 30:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"taint-unsanitised-flow (source 30:9)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2023-3188-patched",
|
|
"file": "cve_corpus/go/CVE-2023-3188/patched.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2023-3188-vulnerable",
|
|
"file": "cve_corpus/go/CVE-2023-3188/vulnerable.go",
|
|
"language": "go",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "FN",
|
|
"outcome_rule_level": "FN",
|
|
"outcome_location_level": "FN",
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2024-31450-patched",
|
|
"file": "cve_corpus/go/CVE-2024-31450/patched.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2024-31450-vulnerable",
|
|
"file": "cve_corpus/go/CVE-2024-31450/vulnerable.go",
|
|
"language": "go",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 62:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 62:11)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2015-7501-patched",
|
|
"file": "cve_corpus/java/CVE-2015-7501/patched.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2015-7501-vulnerable",
|
|
"file": "cve_corpus/java/CVE-2015-7501/vulnerable.java",
|
|
"language": "java",
|
|
"vuln_class": "deserialization",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 34:54)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"java.xss.getwriter_print"
|
|
],
|
|
"all_finding_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 34:54)",
|
|
"java.xss.getwriter_print"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2017-12629-patched",
|
|
"file": "cve_corpus/java/CVE-2017-12629/patched.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2017-12629-vulnerable",
|
|
"file": "cve_corpus/java/CVE-2017-12629/vulnerable.java",
|
|
"language": "java",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 29:21)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 29:21)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-js-2019-14939-patched",
|
|
"file": "cve_corpus/javascript/CVE-2019-14939/patched.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-js-2019-14939-vulnerable",
|
|
"file": "cve_corpus/javascript/CVE-2019-14939/vulnerable.js",
|
|
"language": "javascript",
|
|
"vuln_class": "code_exec",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 24:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 24:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-js-2025-64430-patched",
|
|
"file": "cve_corpus/javascript/CVE-2025-64430/patched.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-js-2025-64430-vulnerable",
|
|
"file": "cve_corpus/javascript/CVE-2025-64430/vulnerable.js",
|
|
"language": "javascript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 52:30)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 52:30)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-php-2017-9841-patched",
|
|
"file": "cve_corpus/php/CVE-2017-9841/patched.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-php-2017-9841-vulnerable",
|
|
"file": "cve_corpus/php/CVE-2017-9841/vulnerable.php",
|
|
"language": "php",
|
|
"vuln_class": "code_exec",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.code_exec.eval",
|
|
"taint-unsanitised-flow (source 21:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.code_exec.eval",
|
|
"taint-unsanitised-flow (source 21:9)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-php-2018-15133-patched",
|
|
"file": "cve_corpus/php/CVE-2018-15133/patched.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-php-2018-15133-vulnerable",
|
|
"file": "cve_corpus/php/CVE-2018-15133/vulnerable.php",
|
|
"language": "php",
|
|
"vuln_class": "deserialization",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 24:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 24:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2017-18342-patched",
|
|
"file": "cve_corpus/python/CVE-2017-18342/patched.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2017-18342-vulnerable",
|
|
"file": "cve_corpus/python/CVE-2017-18342/vulnerable.py",
|
|
"language": "python",
|
|
"vuln_class": "deserialization",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.deser.yaml_load",
|
|
"taint-unsanitised-flow (source 26:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.deser.yaml_load",
|
|
"taint-unsanitised-flow (source 26:11)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2023-48022-patched",
|
|
"file": "cve_corpus/python/CVE-2023-48022/patched.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2023-48022-vulnerable",
|
|
"file": "cve_corpus/python/CVE-2023-48022/vulnerable.py",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 26:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 26:12)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2013-0156-patched",
|
|
"file": "cve_corpus/ruby/CVE-2013-0156/patched.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2013-0156-vulnerable",
|
|
"file": "cve_corpus/ruby/CVE-2013-0156/vulnerable.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "deserialization",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.deser.yaml_load"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.deser.yaml_load"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2020-8130-patched",
|
|
"file": "cve_corpus/ruby/CVE-2020-8130/patched.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2020-8130-vulnerable",
|
|
"file": "cve_corpus/ruby/CVE-2020-8130/vulnerable.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 37:16)",
|
|
"taint-unsanitised-flow (source 44:7)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 37:16)",
|
|
"taint-unsanitised-flow (source 44:7)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2018-20997-patched",
|
|
"file": "cve_corpus/rust/CVE-2018-20997/patched.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2018-20997-vulnerable",
|
|
"file": "cve_corpus/rust/CVE-2018-20997/vulnerable.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 27:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 27:22)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2022-36113-patched",
|
|
"file": "cve_corpus/rust/CVE-2022-36113/patched.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2022-36113-vulnerable",
|
|
"file": "cve_corpus/rust/CVE-2022-36113/vulnerable.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 29:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 29:22)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2024-24576-patched",
|
|
"file": "cve_corpus/rust/CVE-2024-24576/patched.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2024-24576-vulnerable",
|
|
"file": "cve_corpus/rust/CVE-2024-24576/vulnerable.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 27:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 27:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "cve-ts-2023-26159-patched",
|
|
"file": "cve_corpus/typescript/CVE-2023-26159/patched.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-ts-2023-26159-vulnerable",
|
|
"file": "cve_corpus/typescript/CVE-2023-26159/vulnerable.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 28:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 28:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-auth-realrepo-001",
|
|
"file": "go/auth/vuln_repo_findbyid_no_auth.go",
|
|
"language": "go",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"go.auth.missing_ownership_check",
|
|
"go.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.auth.missing_ownership_check",
|
|
"go.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-001",
|
|
"file": "go/cmdi/cmdi_direct.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-002",
|
|
"file": "go/cmdi/cmdi_indirect.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-003",
|
|
"file": "go/cmdi_env/cmdi_env.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-004",
|
|
"file": "go/cmdi/cmdi_unvalidated_queue_element.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 13:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 13:22)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-cross-001",
|
|
"file": "go/cmdi/cross_source/",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-realrepo-001",
|
|
"file": "go/cmdi/vuln_error_log_then_sink.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cfg-error-fallthrough",
|
|
"cfg-unguarded-sink",
|
|
"go.sqli.query_concat"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cfg-error-fallthrough",
|
|
"cfg-unguarded-sink",
|
|
"go.sqli.query_concat"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-fmt_string-001",
|
|
"file": "go/fmt_string/fmt_injection.go",
|
|
"language": "go",
|
|
"vuln_class": "fmt_string",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-interproc-001",
|
|
"file": "go/interprocedural/interproc_taint_propagation.go",
|
|
"language": "go",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 13:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 13:12)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-interproc-safe-001",
|
|
"file": "go/interprocedural/interproc_sanitizer_wrap.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path-002",
|
|
"file": "go/path_traversal/path_traversal_remove.go",
|
|
"language": "go",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 17:10)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"state-unauthed-access"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 17:10)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path-003",
|
|
"file": "go/path_traversal/path_traversal_ifinit.go",
|
|
"language": "go",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 27:13)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"state-unauthed-access"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 27:13)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path-safe-002",
|
|
"file": "go/path_traversal/safe_path_traversal_remove.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path-safe-003",
|
|
"file": "go/path_traversal/safe_path_traversal_ifinit.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path_traversal-001",
|
|
"file": "go/path_traversal/path_traversal.go",
|
|
"language": "go",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path_traversal-cross-001",
|
|
"file": "go/path_traversal/cross_sanitizer/",
|
|
"language": "go",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-pathprune-safe-001",
|
|
"file": "go/path_pruning/safe_early_return.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-001",
|
|
"file": "go/safe/safe_constant.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-002",
|
|
"file": "go/safe/safe_dominated.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-003",
|
|
"file": "go/safe/safe_interprocedural.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-004",
|
|
"file": "go/safe/safe_non_security_sink.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-005",
|
|
"file": "go/safe/safe_reassigned.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-006",
|
|
"file": "go/safe/safe_sanitized.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-007",
|
|
"file": "go/safe/safe_type_check.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "FP",
|
|
"outcome_rule_level": "FP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [
|
|
"go.sqli.query_concat",
|
|
"taint-unsanitised-flow (source 10:11)"
|
|
],
|
|
"all_finding_ids": [
|
|
"go.sqli.query_concat",
|
|
"taint-unsanitised-flow (source 10:11)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-008",
|
|
"file": "go/safe/safe_validated.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-009",
|
|
"file": "go/safe/safe_validated_queue_element.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "FP",
|
|
"outcome_rule_level": "FP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 17:31)"
|
|
],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 17:31)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-014",
|
|
"file": "go/safe/safe_direct_path_sanitizer.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-015",
|
|
"file": "go/safe/safe_tuple_path_sanitizer.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-016",
|
|
"file": "go/safe/safe_cross_function_dotdot.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-atoi-001",
|
|
"file": "go/safe/safe_strconv_atoi.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-fieldproj-phase3",
|
|
"file": "go/safe/safe_chained_receiver_field_proj.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-001",
|
|
"file": "go/safe/safe_error_log_only_function.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-002",
|
|
"file": "go/safe/safe_method_receiver_mutex.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-003",
|
|
"file": "go/safe/safe_const_bound_id.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-004",
|
|
"file": "go/safe/safe_chained_call_response_header.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-005",
|
|
"file": "go/safe/safe_self_method_receiver.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-sqli-001",
|
|
"file": "go/sqli/sqli_concat.go",
|
|
"language": "go",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"go.sqli.query_concat",
|
|
"taint-unsanitised-flow (source 9:8)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"go.auth.missing_ownership_check"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"go.auth.missing_ownership_check",
|
|
"go.sqli.query_concat",
|
|
"taint-unsanitised-flow (source 9:8)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-sqli-002",
|
|
"file": "go/sqli/sqli_sprintf.go",
|
|
"language": "go",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 10:8)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 10:8)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-sqli-003",
|
|
"file": "go/sqli/sqli_queryrow.go",
|
|
"language": "go",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"go.sqli.query_concat",
|
|
"taint-unsanitised-flow (source 9:8)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"go.auth.missing_ownership_check"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"go.auth.missing_ownership_check",
|
|
"go.sqli.query_concat",
|
|
"taint-unsanitised-flow (source 9:8)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-ssrf-001",
|
|
"file": "go/ssrf/ssrf_http_get.go",
|
|
"language": "go",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-ssrf-002",
|
|
"file": "go/ssrf/ssrf_new_request.go",
|
|
"language": "go",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:9)",
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:9)",
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-ssrf-004",
|
|
"file": "go/ssrf/ssrf_default_client_get.go",
|
|
"language": "go",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 12:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 12:9)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-ssrf-safe-001",
|
|
"file": "go/ssrf/safe_ssrf_hardcoded.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-ssrf-safe-002",
|
|
"file": "go/ssrf/safe_ssrf_default_client_get.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-xss-001",
|
|
"file": "go/xss/xss_fprintf.go",
|
|
"language": "go",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-xss-002",
|
|
"file": "go/xss/xss_template_html.go",
|
|
"language": "go",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:11)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-xss-gin-001",
|
|
"file": "go/xss/xss_gin_source.go",
|
|
"language": "go",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-cmdi-001",
|
|
"file": "java/cmdi/CmdiDirect.java",
|
|
"language": "java",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-cmdi-002",
|
|
"file": "java/cmdi/CmdiIndirect.java",
|
|
"language": "java",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 5:23)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 5:23)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-code_injection-001",
|
|
"file": "java/code_injection/CodeInjection.java",
|
|
"language": "java",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.reflection.class_forname",
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.reflection.class_forname",
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-deser-001",
|
|
"file": "java/deser/DeserOis.java",
|
|
"language": "java",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 6:55)",
|
|
"taint-unsanitised-flow (source 6:55)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"java.xss.getwriter_print"
|
|
],
|
|
"all_finding_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 6:55)",
|
|
"java.xss.getwriter_print",
|
|
"taint-unsanitised-flow (source 6:55)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-deser-002",
|
|
"file": "java/deser/DeserSource.java",
|
|
"language": "java",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 6:55)",
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 6:55)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 6:55)",
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 6:55)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-interproc-001",
|
|
"file": "java/interprocedural/InterprocTaintPropagation.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:25)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-resource-leak"
|
|
],
|
|
"all_finding_ids": [
|
|
"cfg-resource-leak",
|
|
"taint-unsanitised-flow (source 9:25)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-interproc-safe-001",
|
|
"file": "java/interprocedural/InterprocSanitizerWrap.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-path_traversal-001",
|
|
"file": "java/path_traversal/PathTraversal.java",
|
|
"language": "java",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-resource-leak"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-preauth-001",
|
|
"file": "java/auth/SafePreAuthorize.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-preauth-vuln-001",
|
|
"file": "java/auth/VulnNoPreAuthorize.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 11:23)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"java.xss.getwriter_print"
|
|
],
|
|
"all_finding_ids": [
|
|
"java.xss.getwriter_print",
|
|
"taint-unsanitised-flow (source 11:23)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-001",
|
|
"file": "java/safe/SafeConstant.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-002",
|
|
"file": "java/safe/SafeDominated.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-003",
|
|
"file": "java/safe/SafeInterprocedural.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-004",
|
|
"file": "java/safe/SafeNonSecuritySink.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-005",
|
|
"file": "java/safe/SafeReassigned.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-006",
|
|
"file": "java/safe/SafeSanitized.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-007",
|
|
"file": "java/safe/SafeTypeCheck.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-008",
|
|
"file": "java/safe/SafeValidated.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-014",
|
|
"file": "java/safe/SafeDirectPathSanitizer.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-015",
|
|
"file": "java/safe/SafeOptionalPathSanitizer.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-016",
|
|
"file": "java/safe/SafeCrossFunctionDotdot.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-prepared-001",
|
|
"file": "java/safe/safe_prepared_statement.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-realrepo-001",
|
|
"file": "java/safe/SafeLoggerIsEnabled.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-realrepo-keycloak-001",
|
|
"file": "java/safe/SafeJpaParameterizedExecute.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-sqli-001",
|
|
"file": "java/sqli/SqliConcat.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"java.sqli.execute_concat",
|
|
"taint-unsanitised-flow (source 6:21)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-resource-leak"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"cfg-resource-leak",
|
|
"java.sqli.execute_concat",
|
|
"taint-unsanitised-flow (source 6:21)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-sqli-002",
|
|
"file": "java/sqli/SqliFormat.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 6:21)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-resource-leak"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"cfg-resource-leak",
|
|
"taint-unsanitised-flow (source 6:21)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-sqli-realrepo-keycloak-001",
|
|
"file": "java/sqli/SqliJpaCreateQueryConcat.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-sqli-stmt-001",
|
|
"file": "java/sqli/sqli_statement_vs_prepared.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 7:21)",
|
|
"taint-unsanitised-flow (source 7:21)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"java.sqli.execute_concat",
|
|
"java.xss.getwriter_print"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"java.sqli.execute_concat",
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 7:21)",
|
|
"java.xss.getwriter_print",
|
|
"taint-unsanitised-flow (source 7:21)"
|
|
],
|
|
"security_finding_count": 6,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-ssrf-001",
|
|
"file": "java/ssrf/SsrfRequest.java",
|
|
"language": "java",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 7:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 7:22)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-ssrf-002",
|
|
"file": "java/ssrf/SsrfHttpClient.java",
|
|
"language": "java",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:22)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-xss-001",
|
|
"file": "java/xss/XssReflected.java",
|
|
"language": "java",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:23)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:23)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-allowlist-dispatch-001",
|
|
"file": "javascript/safe/safe_switch_dispatch.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-auth-realrepo-001",
|
|
"file": "javascript/auth/safe_req_user_id_copy.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-cmdi-001",
|
|
"file": "javascript/cmdi/cmdi_direct.js",
|
|
"language": "javascript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-cmdi-002",
|
|
"file": "javascript/cmdi/cmdi_indirect.js",
|
|
"language": "javascript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-code_injection-001",
|
|
"file": "javascript/code_injection/code_injection.js",
|
|
"language": "javascript",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-code_injection-002",
|
|
"file": "javascript/code_injection/code_injection_indirect.js",
|
|
"language": "javascript",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"js.code_exec.new_function"
|
|
],
|
|
"all_finding_ids": [
|
|
"js.code_exec.new_function",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-destructure-sanitize-001",
|
|
"file": "javascript/safe/safe_object_destructure_sanitize.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-destructure-vuln-001",
|
|
"file": "javascript/xss/vuln_object_destructure_no_sanitize.js",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:21)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:21)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-interproc-001",
|
|
"file": "javascript/interprocedural/interproc_taint_propagation.js",
|
|
"language": "javascript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 10:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 10:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-interproc-safe-001",
|
|
"file": "javascript/interprocedural/interproc_sanitizer_wrap.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-path_traversal-001",
|
|
"file": "javascript/path_traversal/path_traversal.js",
|
|
"language": "javascript",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-pathprune-safe-001",
|
|
"file": "javascript/path_pruning/safe_early_return.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-001",
|
|
"file": "javascript/safe/safe_constant.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-002",
|
|
"file": "javascript/safe/safe_dominated.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-003",
|
|
"file": "javascript/safe/safe_interprocedural.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-004",
|
|
"file": "javascript/safe/safe_non_security_sink.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-005",
|
|
"file": "javascript/safe/safe_reassigned.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-006",
|
|
"file": "javascript/safe/safe_sanitized.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-007",
|
|
"file": "javascript/safe/safe_type_check.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-008",
|
|
"file": "javascript/safe/safe_validated.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-014",
|
|
"file": "javascript/safe/safe_direct_path_sanitizer.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-015",
|
|
"file": "javascript/safe/safe_null_path_sanitizer.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-016",
|
|
"file": "javascript/safe/safe_cross_function_dotdot.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-parseInt-001",
|
|
"file": "javascript/safe/safe_parseInt.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-realrepo-001",
|
|
"file": "javascript/safe/safe_dom_globals_and_methods.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-realrepo-002",
|
|
"file": "javascript/safe/safe_happy_path_error_check.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-sqli-001",
|
|
"file": "javascript/sqli/sqli_concat.js",
|
|
"language": "javascript",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-sqli-002",
|
|
"file": "javascript/sqli/sqli_template.js",
|
|
"language": "javascript",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-ssrf-001",
|
|
"file": "javascript/ssrf/ssrf_fetch.js",
|
|
"language": "javascript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-ssrf-002",
|
|
"file": "javascript/ssrf/ssrf_axios.js",
|
|
"language": "javascript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-ssrf-003",
|
|
"file": "javascript/ssrf/ssrf_http_get_chained.js",
|
|
"language": "javascript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-ssrf-safe-001",
|
|
"file": "javascript/ssrf/safe_ssrf_hardcoded.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-ssrf-safe-002",
|
|
"file": "javascript/ssrf/safe_http_get_hardcoded_chained.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-xss-001",
|
|
"file": "javascript/xss/xss_reflected.js",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-xss-002",
|
|
"file": "javascript/xss/xss_document_write.js",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.xss.document_write",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.xss.document_write",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-xss-003",
|
|
"file": "javascript/xss/xss_location.js",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.xss.location_assign",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.xss.location_assign",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-xss-cross-001",
|
|
"file": "javascript/xss/cross_propagation/",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.xss.document_write",
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.xss.document_write",
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-xss-react-001",
|
|
"file": "javascript/xss/xss_react_dangerously.js",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-cmdi-001",
|
|
"file": "php/cmdi/cmdi_direct.php",
|
|
"language": "php",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.cmdi.system",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.cmdi.system",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-cmdi-002",
|
|
"file": "php/cmdi/cmdi_indirect.php",
|
|
"language": "php",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.cmdi.system",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.cmdi.system",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-code_injection-001",
|
|
"file": "php/code_injection/code_injection.php",
|
|
"language": "php",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.code_exec.eval",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.code_exec.eval",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-code_injection-002",
|
|
"file": "php/code_injection/code_injection_assert.php",
|
|
"language": "php",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-deser-001",
|
|
"file": "php/deser/deser_unserialize.php",
|
|
"language": "php",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 2:1)",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 2:1)",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-deser-002",
|
|
"file": "php/deser/deser_unserialize_allowed_true.php",
|
|
"language": "php",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 7:1)",
|
|
"taint-unsanitised-flow (source 7:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 7:1)",
|
|
"taint-unsanitised-flow (source 7:1)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-interproc-001",
|
|
"file": "php/interprocedural/interproc_taint_propagation.php",
|
|
"language": "php",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-interproc-safe-001",
|
|
"file": "php/interprocedural/interproc_sanitizer_wrap.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-isgranted-001",
|
|
"file": "php/auth/safe_isgranted.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-isgranted-vuln-001",
|
|
"file": "php/auth/vuln_no_isgranted.php",
|
|
"language": "php",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-path_traversal-001",
|
|
"file": "php/path_traversal/path_traversal.php",
|
|
"language": "php",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-path_traversal-002",
|
|
"file": "php/path_traversal/path_traversal_copy.php",
|
|
"language": "php",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-path_traversal-003",
|
|
"file": "php/path_traversal/path_traversal_concat.php",
|
|
"language": "php",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.path.include_variable"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.path.include_variable"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-001",
|
|
"file": "php/safe/safe_constant.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-002",
|
|
"file": "php/safe/safe_dominated.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-003",
|
|
"file": "php/safe/safe_interprocedural.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-004",
|
|
"file": "php/safe/safe_non_security_sink.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-005",
|
|
"file": "php/safe/safe_reassigned.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-006",
|
|
"file": "php/safe/safe_sanitized.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-007",
|
|
"file": "php/safe/safe_type_check.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-008",
|
|
"file": "php/safe/safe_validated.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-014",
|
|
"file": "php/safe/safe_direct_path_sanitizer.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-015",
|
|
"file": "php/safe/safe_nullable_path_sanitizer.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-016",
|
|
"file": "php/safe/safe_cross_function_dotdot.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-017",
|
|
"file": "php/safe/safe_unserialize_allowed_classes.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-018",
|
|
"file": "php/safe/safe_include_param_passthrough.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-filter-001",
|
|
"file": "php/safe/safe_filter_input.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-sqli-001",
|
|
"file": "php/sqli/sqli_concat.php",
|
|
"language": "php",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-sqli-002",
|
|
"file": "php/sqli/sqli_sprintf.php",
|
|
"language": "php",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-sqli-pdo-001",
|
|
"file": "php/sqli/sqli_pdo_raw.php",
|
|
"language": "php",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-ssrf-001",
|
|
"file": "php/ssrf/ssrf_curl.php",
|
|
"language": "php",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-ssrf-safe-001",
|
|
"file": "php/ssrf/safe_ssrf_hardcoded.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-xss-001",
|
|
"file": "php/xss/xss_reflected.php",
|
|
"language": "php",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-decorator-001",
|
|
"file": "python/safe/safe_login_required_decorator.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-decorator-vuln-001",
|
|
"file": "python/auth/vuln_no_auth_decorator.py",
|
|
"language": "python",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cfg-auth-gap"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cfg-auth-gap"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-001",
|
|
"file": "python/safe/safe_django_migration_token.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-002",
|
|
"file": "python/safe/safe_pytest_conftest_marker.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-003",
|
|
"file": "python/safe/safe_celery_task_no_user_input.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-004",
|
|
"file": "python/auth/vuln_token_override_django_handler.py",
|
|
"language": "python",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.auth.token_override_without_validation"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.auth.token_override_without_validation"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-001",
|
|
"file": "python/cmdi/cmdi_direct.py",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-002",
|
|
"file": "python/cmdi/cmdi_indirect.py",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.subprocess_shell",
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.subprocess_shell",
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-cross-001",
|
|
"file": "python/cmdi/cross_propagation/",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 4:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 4:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-cross-002",
|
|
"file": "python/cmdi/cross_source/",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.subprocess_shell"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.subprocess_shell"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-cross-003",
|
|
"file": "python/cmdi/cross_sanitizer/",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 4:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 4:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-cross-004",
|
|
"file": "python/cmdi/cross_indirect_sink/",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:5)",
|
|
"py.cmdi.os_system"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:5)",
|
|
"cfg-unguarded-sink",
|
|
"py.cmdi.os_system"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-popen-001",
|
|
"file": "python/cmdi/cmdi_popen_shell.py",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"py.cmdi.subprocess_shell"
|
|
],
|
|
"all_finding_ids": [
|
|
"py.cmdi.subprocess_shell",
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-code_injection-001",
|
|
"file": "python/code_injection/code_injection.py",
|
|
"language": "python",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-code_injection-002",
|
|
"file": "python/code_injection/code_injection_exec.py",
|
|
"language": "python",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.code_exec.exec",
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.code_exec.exec",
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-context-sanitize-001",
|
|
"file": "python/safe/safe_with_context_sanitize.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-deser-001",
|
|
"file": "python/deser/deser_pickle.py",
|
|
"language": "python",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.deser.pickle_loads",
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.deser.pickle_loads",
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-interproc-001",
|
|
"file": "python/interprocedural/interproc_taint_propagation.py",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"py.cmdi.os_system"
|
|
],
|
|
"all_finding_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-interproc-safe-001",
|
|
"file": "python/interprocedural/interproc_sanitizer_wrap.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-path_traversal-001",
|
|
"file": "python/path_traversal/path_traversal.py",
|
|
"language": "python",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-pathprune-safe-001",
|
|
"file": "python/path_pruning/safe_early_return.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-001",
|
|
"file": "python/safe/safe_constant.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-002",
|
|
"file": "python/safe/safe_dominated.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-003",
|
|
"file": "python/safe/safe_interprocedural.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-004",
|
|
"file": "python/safe/safe_non_security_sink.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-005",
|
|
"file": "python/safe/safe_reassigned.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-006",
|
|
"file": "python/safe/safe_sanitized.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-007",
|
|
"file": "python/safe/safe_type_check.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-008",
|
|
"file": "python/safe/safe_validated.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-014",
|
|
"file": "python/safe/safe_direct_path_sanitizer.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-015",
|
|
"file": "python/safe/safe_optional_path_sanitizer.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-016",
|
|
"file": "python/safe/safe_cross_function_dotdot.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-int-001",
|
|
"file": "python/safe/safe_int_cast.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-sqli-001",
|
|
"file": "python/sqli/sqli_concat.py",
|
|
"language": "python",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-resource-leak",
|
|
"py.sqli.execute_format"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"cfg-resource-leak",
|
|
"py.sqli.execute_format",
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-sqli-002",
|
|
"file": "python/sqli/sqli_format.py",
|
|
"language": "python",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"py.sqli.execute_format",
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-resource-leak"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"cfg-resource-leak",
|
|
"py.sqli.execute_format",
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-ssrf-001",
|
|
"file": "python/ssrf/ssrf_requests.py",
|
|
"language": "python",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-ssrf-002",
|
|
"file": "python/ssrf/ssrf_httpx_post.py",
|
|
"language": "python",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-ssrf-safe-001",
|
|
"file": "python/ssrf/safe_ssrf_constant.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-validator-sentinel-001",
|
|
"file": "python/safe/safe_validator_sentinel.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-validator-sentinel-vuln-001",
|
|
"file": "python/sqli/vuln_validator_sentinel_bypass.py",
|
|
"language": "python",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 17:11)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"state-resource-leak",
|
|
"py.sqli.execute_format"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"py.sqli.execute_format",
|
|
"taint-unsanitised-flow (source 17:11)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-xss-001",
|
|
"file": "python/xss/xss_reflected.py",
|
|
"language": "python",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-xss-002",
|
|
"file": "python/xss/xss_template_string.py",
|
|
"language": "python",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-interproc-001",
|
|
"file": "ruby/interprocedural/interproc_taint_propagation.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-interproc-safe-001",
|
|
"file": "ruby/interprocedural/interproc_sanitizer_wrap.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-safe-014",
|
|
"file": "ruby/safe/safe_direct_path_sanitizer.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-safe-015",
|
|
"file": "ruby/safe/safe_nil_path_sanitizer.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-safe-016",
|
|
"file": "ruby/safe/safe_cross_function_dotdot.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-001",
|
|
"file": "rust/auth/actix_scoped_write_missing.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-002",
|
|
"file": "rust/auth/true_positive_missing_check.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-003",
|
|
"file": "rust/auth/row_ownership_no_early_exit.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-101",
|
|
"file": "rust/auth/hashmap_local_noise.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-102",
|
|
"file": "rust/auth/helper_scoped_params.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-103",
|
|
"file": "rust/auth/row_ownership_equality.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-104",
|
|
"file": "rust/auth/self_scoped_user.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-105",
|
|
"file": "rust/auth/db_connection_type_inferred.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-auth-106",
|
|
"file": "rust/auth/sql_join_acl.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-107",
|
|
"file": "rust/auth/transitive_helper.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-108",
|
|
"file": "rust/auth/row_fetch_then_authorize.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo",
|
|
"rs.quality.todo"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-auth-109",
|
|
"file": "rust/auth/predicate_role_check.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-auth-110",
|
|
"file": "rust/auth/unsafe_row_fetch_no_authz.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check",
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo",
|
|
"rs.quality.todo",
|
|
"rs.auth.missing_ownership_check",
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-auth-dto-int-field-001",
|
|
"file": "rust/auth/safe_dto_int_field_axum.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-dto-string-field-001",
|
|
"file": "rust/auth/unsafe_dto_string_field_axum.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-001",
|
|
"file": "rust/auth/self_actor_uid_copy.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-002",
|
|
"file": "rust/auth/require_resource_role_helper.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-003",
|
|
"file": "rust/auth/self_publish_email.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-006",
|
|
"file": "rust/auth/safe_row_population_reverse_walk.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo",
|
|
"rs.quality.todo"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-007",
|
|
"file": "rust/auth/safe_row_fetch_multiline_let.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-008",
|
|
"file": "rust/auth/unsafe_row_population_no_check.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check",
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo",
|
|
"rs.auth.missing_ownership_check",
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-009",
|
|
"file": "rust/auth/safe_local_user_view_extractor.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-010",
|
|
"file": "rust/auth/unsafe_local_user_view_extractor.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-typed-extractors-001",
|
|
"file": "rust/auth/safe_typed_path_int_extractor.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-001",
|
|
"file": "rust/cmdi/cmdi_command.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-002",
|
|
"file": "rust/cmdi/cmdi_command_output.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-003",
|
|
"file": "rust/cmdi/cmdi_indirect.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "FN",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:17)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink",
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 9:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-004",
|
|
"file": "rust/cmdi/cmdi_args.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:20)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:20)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-005",
|
|
"file": "rust/cmdi/cmdi_format_macro.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-006",
|
|
"file": "rust/cmdi/cmdi_match_source.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-007",
|
|
"file": "rust/cmdi/cmdi_string_concat.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-008",
|
|
"file": "rust/cmdi/cmdi_static_map_dangerous.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 6:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-009",
|
|
"file": "rust/cmdi/cmdi_indirect_multisink.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "FN",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 11:13)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-unguarded-sink",
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink",
|
|
"rs.quality.unwrap",
|
|
"cfg-unguarded-sink",
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 11:13)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 4
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-cross-001",
|
|
"file": "rust/cmdi/cross_propagation/",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 7:17)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-deser-001",
|
|
"file": "rust/deser/deser_serde_yaml.rs",
|
|
"language": "rust",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 8:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-001",
|
|
"file": "rust/path_traversal/path_read.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-002",
|
|
"file": "rust/path_traversal/path_write.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-003",
|
|
"file": "rust/path_traversal/path_file_open.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-004",
|
|
"file": "rust/path_traversal/path_file_create.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-005",
|
|
"file": "rust/path_traversal/path_remove.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-006",
|
|
"file": "rust/traversal/traversal_no_sanitizer.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 10:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 10:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-001",
|
|
"file": "rust/safe/safe_constant.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-002",
|
|
"file": "rust/safe/safe_sanitized_shell.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-003",
|
|
"file": "rust/safe/safe_reassigned.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-004",
|
|
"file": "rust/safe/safe_validated.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.panic_macro",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 3
|
|
},
|
|
{
|
|
"case_id": "rs-safe-005",
|
|
"file": "rust/safe/safe_hardcoded_url.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-safe-006",
|
|
"file": "rust/safe/safe_type_check.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.expect",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 3
|
|
},
|
|
{
|
|
"case_id": "rs-safe-007",
|
|
"file": "rust/safe/safe_interprocedural.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-008",
|
|
"file": "rust/safe/safe_dominated.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-009",
|
|
"file": "rust/safe/safe_shell_metachar.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-009",
|
|
"file": "rust/safe/safe_match_guard.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-010",
|
|
"file": "rust/safe/safe_static_map_lookup.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-011",
|
|
"file": "rust/safe/safe_parsed_port.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.expect",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 3
|
|
},
|
|
{
|
|
"case_id": "rs-safe-012",
|
|
"file": "rust/safe/safe_path_contains_dotdot.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-014",
|
|
"file": "rust/safe/safe_option_sanitizer.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-015",
|
|
"file": "rust/safe/safe_path_is_absolute.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-016",
|
|
"file": "rust/safe/safe_cross_function_dotdot.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-cross-001",
|
|
"file": "rust/cmdi/cross_sanitizer/",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-sqli-001",
|
|
"file": "rust/sqli/sqli_rusqlite_format.rs",
|
|
"language": "rust",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 3
|
|
},
|
|
{
|
|
"case_id": "rs-sqli-002",
|
|
"file": "rust/sqli/sqli_metachar_gate_wrong_sink.rs",
|
|
"language": "rust",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 3
|
|
},
|
|
{
|
|
"case_id": "rs-ssrf-001",
|
|
"file": "rust/ssrf/ssrf_reqwest.rs",
|
|
"language": "rust",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 4:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-ssrf-002",
|
|
"file": "rust/ssrf/ssrf_indirect.rs",
|
|
"language": "rust",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "FN",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 8:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-ssrf-003",
|
|
"file": "rust/ssrf/ssrf_client_builder.rs",
|
|
"language": "rust",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 4:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-xss-001",
|
|
"file": "rust/xss/axum_html/",
|
|
"language": "rust",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 3:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 3:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-auth-missing-post-fetch-001",
|
|
"file": "ruby/auth/auth_missing_post_fetch_check.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-before-action-001",
|
|
"file": "ruby/auth/safe_before_action.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-cmdi-001",
|
|
"file": "ruby/cmdi/cmdi_system.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.cmdi.system_interp",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.cmdi.system_interp",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-cmdi-002",
|
|
"file": "ruby/cmdi/cmdi_backtick.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.cmdi.backtick",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.cmdi.backtick",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-cmdi-003",
|
|
"file": "ruby/cmdi/cmdi_kernel_open.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 10:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 10:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-code_injection-001",
|
|
"file": "ruby/code_injection/code_injection_eval.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.code_exec.eval",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.code_exec.eval",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-deser-001",
|
|
"file": "ruby/deser/deser_marshal.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.deser.marshal_load",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.deser.marshal_load",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-deser-002",
|
|
"file": "ruby/deser/deser_yaml.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.deser.yaml_load",
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.deser.yaml_load",
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-path_traversal-001",
|
|
"file": "ruby/path_traversal/path_traversal_send_file.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-001",
|
|
"file": "ruby/safe/safe_constant.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-002",
|
|
"file": "ruby/safe/safe_dominated.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-003",
|
|
"file": "ruby/safe/safe_interprocedural.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-004",
|
|
"file": "ruby/safe/safe_non_security_sink.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-005",
|
|
"file": "ruby/safe/safe_reassigned.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-006",
|
|
"file": "ruby/safe/safe_sanitized.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-007",
|
|
"file": "ruby/safe/safe_type_check.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-008",
|
|
"file": "ruby/safe/safe_validated.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-009",
|
|
"file": "ruby/safe/safe_kernel_open_file_namespaced.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-ar-query-shapes-001",
|
|
"file": "ruby/safe/safe_active_record_query_shapes.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-post-fetch-ownership-001",
|
|
"file": "ruby/safe/safe_post_fetch_ownership_check.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-strong-params-001",
|
|
"file": "ruby/safe/safe_strong_params.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-sqli-001",
|
|
"file": "ruby/sqli/sqli_find_by_sql.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-sqli-002",
|
|
"file": "ruby/sqli/sqli_execute.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-sqli-where-chained-interp-001",
|
|
"file": "ruby/sqli/sqli_where_chained_interpolation.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-sqli-where-string-interp-001",
|
|
"file": "ruby/sqli/sqli_where_string_interpolation.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-ssrf-001",
|
|
"file": "ruby/ssrf/ssrf_httparty.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-ssrf-002",
|
|
"file": "ruby/ssrf/ssrf_net_http.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-ssrf-safe-001",
|
|
"file": "ruby/ssrf/safe_ssrf_hardcoded.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-xss-001",
|
|
"file": "ruby/xss/xss_html_safe.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-xss-002",
|
|
"file": "ruby/xss/xss_raw.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-001",
|
|
"file": "typescript/auth/safe_session_user_id_copy.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-002",
|
|
"file": "typescript/auth/vuln_target_user_id_no_check.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.quality.any_annotation",
|
|
"ts.quality.any_annotation",
|
|
"js.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-003",
|
|
"file": "typescript/auth/safe_destructured_session_user.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-004",
|
|
"file": "typescript/auth/safe_trpc_ctx_user_options.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-005",
|
|
"file": "typescript/auth/vuln_trpc_ctx_input_id_no_check.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"js.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-cmdi-001",
|
|
"file": "typescript/cmdi/cmdi_exec_template.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-cmdi-002",
|
|
"file": "typescript/cmdi/cmdi_async_wrapper.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:5)",
|
|
"taint-unsanitised-flow (source 9:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:5)",
|
|
"taint-unsanitised-flow (source 9:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-code_injection-001",
|
|
"file": "typescript/code_injection/code_exec_eval.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)",
|
|
"ts.code_exec.eval"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)",
|
|
"ts.code_exec.eval"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-code_injection-002",
|
|
"file": "typescript/code_injection/code_exec_new_function.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.code_exec.new_function",
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.code_exec.new_function",
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-crypto-001",
|
|
"file": "typescript/crypto/weak_hash_md5.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "crypto",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.crypto.weak_hash_import"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.crypto.weak_hash_import"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-iife-closure-001",
|
|
"file": "typescript/safe/safe_iife_closure_sanitizer.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-iife-closure-vuln-001",
|
|
"file": "typescript/xss/vuln_iife_closure_no_sanitizer.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 15:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 15:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-insecure_config-001",
|
|
"file": "typescript/insecure_config/reject_unauthorized.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "insecure_config",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.config.reject_unauthorized"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.config.reject_unauthorized"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-insecure_config-002",
|
|
"file": "typescript/insecure_config/cookie_httponly.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "insecure_config",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.config.insecure_session_httponly"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"ts.secrets.hardcoded_secret"
|
|
],
|
|
"all_finding_ids": [
|
|
"ts.secrets.hardcoded_secret",
|
|
"ts.config.insecure_session_httponly"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-interproc-001",
|
|
"file": "typescript/interprocedural/interproc_class_method.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 14:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 14:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-open_redirect-001",
|
|
"file": "typescript/open_redirect/location_href.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)",
|
|
"ts.xss.location_assign"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)",
|
|
"ts.xss.location_assign"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-path_traversal-001",
|
|
"file": "typescript/path_traversal/path_traversal_sendfile.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-prototype-001",
|
|
"file": "typescript/prototype/proto_assignment.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "prototype",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.prototype.proto_assignment"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.prototype.proto_assignment",
|
|
"ts.quality.as_any"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "ts-safe-001",
|
|
"file": "typescript/safe/safe_dompurify.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-002",
|
|
"file": "typescript/safe/safe_number_coerce.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-003",
|
|
"file": "typescript/safe/safe_encode_uri.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-004",
|
|
"file": "typescript/safe/safe_hardcoded_url.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-005",
|
|
"file": "typescript/safe/safe_validator_escape.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-006",
|
|
"file": "typescript/safe/safe_typeof_guard.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-007",
|
|
"file": "typescript/safe/safe_interproc_sanitizer.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-008",
|
|
"file": "typescript/safe/safe_constant_query.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-009",
|
|
"file": "typescript/safe/safe_parameterized.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-010",
|
|
"file": "typescript/safe/safe_jsx_text.tsx",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-014",
|
|
"file": "typescript/safe/safe_direct_path_sanitizer.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-015",
|
|
"file": "typescript/safe/safe_null_path_sanitizer.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-016",
|
|
"file": "typescript/safe/safe_cross_function_dotdot.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-secrets-001",
|
|
"file": "typescript/secrets/fallback_secret.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "secrets",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.secrets.fallback_secret"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.secrets.fallback_secret"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-sqli-001",
|
|
"file": "typescript/sqli/sqli_template_literal.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-sqli-002",
|
|
"file": "typescript/sqli/sqli_prisma_raw.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:5)",
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:5)",
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-ssrf-001",
|
|
"file": "typescript/ssrf/ssrf_axios_user_url.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-ssrf-002",
|
|
"file": "typescript/ssrf/ssrf_fastify_fetch.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:5)",
|
|
"taint-unsanitised-flow (source 7:52)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:5)",
|
|
"taint-unsanitised-flow (source 7:52)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-ssrf-003",
|
|
"file": "typescript/ssrf/ssrf_encoded_host.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-type_system-001",
|
|
"file": "typescript/type_system/discriminated_union_narrow.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-type_system-002",
|
|
"file": "typescript/type_system/interface_dispatch.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 18:5)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink",
|
|
"taint-unsanitised-flow (source 18:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-type_system-003",
|
|
"file": "typescript/type_system/decorator_passthrough.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 14:5)",
|
|
"taint-unsanitised-flow (source 22:13)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 14:5)",
|
|
"taint-unsanitised-flow (source 22:13)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-xss-001",
|
|
"file": "typescript/xss/xss_typed_innerhtml.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-xss-002",
|
|
"file": "typescript/xss/xss_as_any_cast.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.quality.as_any",
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "ts-xss-003",
|
|
"file": "typescript/xss/xss_generic_identity.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-xss-004",
|
|
"file": "typescript/xss/xss_optional_chain_source.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-xss-005",
|
|
"file": "typescript/xss/xss_dangerously_set_inner_html.tsx",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
}
|
|
],
|
|
"aggregate_file_level": {
|
|
"tp": 215,
|
|
"fp": 2,
|
|
"fn_": 1,
|
|
"tn": 214,
|
|
"precision": 0.9907834101382489,
|
|
"recall": 0.9953703703703703,
|
|
"f1": 0.9930715935334872
|
|
},
|
|
"aggregate_rule_level": {
|
|
"tp": 215,
|
|
"fp": 2,
|
|
"fn_": 1,
|
|
"tn": 214,
|
|
"precision": 0.9907834101382489,
|
|
"recall": 0.9953703703703703,
|
|
"f1": 0.9930715935334872
|
|
},
|
|
"by_language": {
|
|
"c": {
|
|
"tp": 15,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 15,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"cpp": {
|
|
"tp": 18,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 15,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"go": {
|
|
"tp": 24,
|
|
"fp": 2,
|
|
"fn_": 1,
|
|
"tn": 26,
|
|
"precision": 0.9230769230769231,
|
|
"recall": 0.96,
|
|
"f1": 0.9411764705882353
|
|
},
|
|
"java": {
|
|
"tp": 17,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 18,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"javascript": {
|
|
"tp": 19,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 23,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"php": {
|
|
"tp": 18,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 19,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"python": {
|
|
"tp": 23,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 23,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"ruby": {
|
|
"tp": 19,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 20,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"rust": {
|
|
"tp": 33,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 37,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"typescript": {
|
|
"tp": 29,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 18,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
}
|
|
},
|
|
"by_vuln_class": {
|
|
"auth": {
|
|
"tp": 13,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"buffer_overflow": {
|
|
"tp": 6,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"cmdi": {
|
|
"tp": 57,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"code_exec": {
|
|
"tp": 2,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"code_injection": {
|
|
"tp": 10,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"crypto": {
|
|
"tp": 1,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"deser": {
|
|
"tp": 8,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"deserialization": {
|
|
"tp": 4,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"fmt_string": {
|
|
"tp": 5,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"insecure_config": {
|
|
"tp": 2,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"memory_safety": {
|
|
"tp": 3,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"path_traversal": {
|
|
"tp": 25,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"prototype": {
|
|
"tp": 1,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"safe": {
|
|
"tp": 0,
|
|
"fp": 2,
|
|
"fn_": 0,
|
|
"tn": 214,
|
|
"precision": 0.0,
|
|
"recall": 1.0,
|
|
"f1": 0.0
|
|
},
|
|
"secrets": {
|
|
"tp": 1,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"sqli": {
|
|
"tp": 29,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"ssrf": {
|
|
"tp": 25,
|
|
"fp": 0,
|
|
"fn_": 1,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 0.9615384615384616,
|
|
"f1": 0.9803921568627451
|
|
},
|
|
"xss": {
|
|
"tp": 23,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
}
|
|
},
|
|
"by_confidence": {
|
|
">=High": {
|
|
"tp": 89,
|
|
"fp": 90,
|
|
"fn_": 127,
|
|
"tn": 126,
|
|
"precision": 0.4972067039106145,
|
|
"recall": 0.41203703703703703,
|
|
"f1": 0.4506329113924051
|
|
},
|
|
">=Low": {
|
|
"tp": 94,
|
|
"fp": 102,
|
|
"fn_": 122,
|
|
"tn": 114,
|
|
"precision": 0.47959183673469385,
|
|
"recall": 0.4351851851851852,
|
|
"f1": 0.4563106796116505
|
|
},
|
|
">=Medium": {
|
|
"tp": 94,
|
|
"fp": 102,
|
|
"fn_": 122,
|
|
"tn": 114,
|
|
"precision": 0.47959183673469385,
|
|
"recall": 0.4351851851851852,
|
|
"f1": 0.4563106796116505
|
|
}
|
|
}
|
|
} |