mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-06 19:35:13 +02:00
{
|
|
"benchmark_version": "1.0",
|
|
"timestamp": "2026-05-03T01:35:18Z",
|
|
"scanner_version": "0.6.0",
|
|
"scanner_config": {
|
|
"analysis_mode": "Full",
|
|
"taint_enabled": true,
|
|
"ast_patterns_enabled": true,
|
|
"state_analysis_enabled": true,
|
|
"worker_threads": 1
|
|
},
|
|
"ground_truth_hash": "sha256:8b8b31820b3a2cd0a28ded8109370093132a11074bf28b9c373192d271ee9f09",
|
|
"corpus_size": 507,
|
|
"cases_run": 506,
|
|
"cases_skipped": 1,
|
|
"outcomes": [
|
|
{
|
|
"case_id": "c-buf-001",
|
|
"file": "c/buffer_overflow/buffer_sprintf.c",
|
|
"language": "c",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"c.memory.sprintf"
|
|
],
|
|
"all_finding_ids": [
|
|
"c.memory.sprintf",
|
|
"taint-unsanitised-flow (source 6:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-buf-002",
|
|
"file": "c/buffer_overflow/buffer_strcpy.c",
|
|
"language": "c",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"c.memory.strcpy"
|
|
],
|
|
"all_finding_ids": [
|
|
"c.memory.strcpy",
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-buf-003",
|
|
"file": "c/buffer_overflow/buffer_strcat.c",
|
|
"language": "c",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"c.memory.strcat"
|
|
],
|
|
"all_finding_ids": [
|
|
"c.memory.strcat",
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-buf-005",
|
|
"file": "c/buffer_overflow/buffer_strcpy_user_arg.c",
|
|
"language": "c",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.memory.strcpy"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.memory.strcpy"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-cmdi-001",
|
|
"file": "c/cmdi/cmdi_system.c",
|
|
"language": "c",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.cmdi.system",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.cmdi.system",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-cmdi-002",
|
|
"file": "c/cmdi/cmdi_popen.c",
|
|
"language": "c",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.cmdi.popen",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.cmdi.popen",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-cmdi-003",
|
|
"file": "c/cmdi/cmdi_exec.c",
|
|
"language": "c",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-cmdi-004",
|
|
"file": "c/cmdi/cmdi_fgets.c",
|
|
"language": "c",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.cmdi.system",
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.cmdi.system",
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-data_exfil-001",
|
|
"file": "c/data_exfil/exfil_curl_postfields_env.c",
|
|
"language": "c",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 9:19)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 9:19)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-fmt-001",
|
|
"file": "c/fmt_string/fmt_printf.c",
|
|
"language": "c",
|
|
"vuln_class": "fmt_string",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"c.memory.printf_no_fmt"
|
|
],
|
|
"all_finding_ids": [
|
|
"c.memory.printf_no_fmt",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-fmt-002",
|
|
"file": "c/fmt_string/fmt_fprintf.c",
|
|
"language": "c",
|
|
"vuln_class": "fmt_string",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-path-001",
|
|
"file": "c/path_traversal/path_traversal_fopen.c",
|
|
"language": "c",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-path-002",
|
|
"file": "c/path_traversal/path_traversal_open.c",
|
|
"language": "c",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-001",
|
|
"file": "c/safe/safe_constant.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-002",
|
|
"file": "c/safe/safe_sanitized_snprintf.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-003",
|
|
"file": "c/safe/safe_atoi.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-004",
|
|
"file": "c/safe/safe_reassigned.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-005",
|
|
"file": "c/safe/safe_strncpy.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-006",
|
|
"file": "c/safe/safe_validated.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-007",
|
|
"file": "c/safe/safe_strtol.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-008",
|
|
"file": "c/safe/safe_sanitize_func.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-014",
|
|
"file": "c/safe/safe_direct_path_sanitizer.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-015",
|
|
"file": "c/safe/safe_status_code_sanitizer.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-016",
|
|
"file": "c/safe/safe_cross_function_dotdot.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-017",
|
|
"file": "c/safe/safe_strcpy_literal_src.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-018",
|
|
"file": "c/safe/safe_sprintf_bounded_format.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-safe-data_exfil-001",
|
|
"file": "c/safe/safe_data_exfil_user_input_echo.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "c-ssrf-001",
|
|
"file": "c/ssrf/ssrf_curl.c",
|
|
"language": "c",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-buf-001",
|
|
"file": "cpp/buffer_overflow/buffer_sprintf.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cpp.memory.sprintf"
|
|
],
|
|
"all_finding_ids": [
|
|
"cpp.memory.sprintf",
|
|
"taint-unsanitised-flow (source 6:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-buf-002",
|
|
"file": "cpp/buffer_overflow/buffer_strcpy.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cpp.memory.strcpy"
|
|
],
|
|
"all_finding_ids": [
|
|
"cpp.memory.strcpy",
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-buf-003",
|
|
"file": "cpp/buffer_overflow/buffer_reinterpret_cast_struct_alias.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "buffer_overflow",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cpp.memory.reinterpret_cast"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cpp.memory.reinterpret_cast"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-001",
|
|
"file": "cpp/cmdi/cmdi_system.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cpp.cmdi.system",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cpp.cmdi.system",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-002",
|
|
"file": "cpp/cmdi/cmdi_popen.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cpp.cmdi.popen",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cpp.cmdi.popen",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-003",
|
|
"file": "cpp/cmdi/cmdi_getline.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cpp.cmdi.system",
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cpp.cmdi.system",
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-004",
|
|
"file": "cpp/cmdi/cmdi_exec.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-005",
|
|
"file": "cpp/cmdi/cmdi_stl_vector_string.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 16:23)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 16:23)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-006",
|
|
"file": "cpp/cmdi/cmdi_lambda_passthrough.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 14:19)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 14:19)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-cmdi-007",
|
|
"file": "cpp/cmdi/cmdi_class_inline_method.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 25:19)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink",
|
|
"taint-unsanitised-flow (source 25:19)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-fmt-001",
|
|
"file": "cpp/fmt_string/fmt_printf.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "fmt_string",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cpp.memory.printf_no_fmt"
|
|
],
|
|
"all_finding_ids": [
|
|
"cpp.memory.printf_no_fmt",
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-fmt-002",
|
|
"file": "cpp/fmt_string/fmt_fprintf.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "fmt_string",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:17)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-path-001",
|
|
"file": "cpp/path_traversal/path_traversal_fopen.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-path-002",
|
|
"file": "cpp/path_traversal/path_traversal_open.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-001",
|
|
"file": "cpp/safe/safe_constant.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-002",
|
|
"file": "cpp/safe/safe_snprintf.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-003",
|
|
"file": "cpp/safe/safe_stoi.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-004",
|
|
"file": "cpp/safe/safe_reassigned.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-005",
|
|
"file": "cpp/safe/safe_strncpy.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-006",
|
|
"file": "cpp/safe/safe_validated.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-007",
|
|
"file": "cpp/safe/safe_sanitize_func.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-008",
|
|
"file": "cpp/safe/safe_strtol.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-014",
|
|
"file": "cpp/safe/safe_direct_path_sanitizer.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-015",
|
|
"file": "cpp/safe/safe_optional_path_sanitizer.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-016",
|
|
"file": "cpp/safe/safe_cross_function_dotdot.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-017",
|
|
"file": "cpp/safe/safe_stl_vector_int.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-018",
|
|
"file": "cpp/safe/safe_builder_const_host.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-safe-019",
|
|
"file": "cpp/safe/safe_reinterpret_cast_byte_pointer.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-ssrf-001",
|
|
"file": "cpp/ssrf/ssrf_curl.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-ssrf-002",
|
|
"file": "cpp/ssrf/ssrf_connect.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 10:21)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 10:21)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cpp-ssrf-003",
|
|
"file": "cpp/ssrf/ssrf_builder_user_host.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 23:23)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 23:23)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-c-2016-3714-patched",
|
|
"file": "cve_corpus/c/CVE-2016-3714/patched.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-c-2016-3714-vulnerable",
|
|
"file": "cve_corpus/c/CVE-2016-3714/vulnerable.c",
|
|
"language": "c",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.cmdi.system"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.cmdi.system"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-c-2019-18634-patched",
|
|
"file": "cve_corpus/c/CVE-2019-18634/patched.c",
|
|
"language": "c",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-c-2019-18634-vulnerable",
|
|
"file": "cve_corpus/c/CVE-2019-18634/vulnerable.c",
|
|
"language": "c",
|
|
"vuln_class": "memory_safety",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"c.memory.strcpy"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"c.memory.strcpy"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-cpp-2019-13132-patched",
|
|
"file": "cve_corpus/cpp/CVE-2019-13132/patched.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-cpp-2019-13132-vulnerable",
|
|
"file": "cve_corpus/cpp/CVE-2019-13132/vulnerable.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "memory_safety",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cpp.memory.strcpy"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cpp.memory.strcpy"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-cpp-2022-1941-patched",
|
|
"file": "cve_corpus/cpp/CVE-2022-1941/patched.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-cpp-2022-1941-vulnerable",
|
|
"file": "cve_corpus/cpp/CVE-2022-1941/vulnerable.cpp",
|
|
"language": "cpp",
|
|
"vuln_class": "memory_safety",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cpp.memory.strcpy"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cpp.memory.strcpy"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2022-30323-patched",
|
|
"file": "cve_corpus/go/CVE-2022-30323/patched.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2022-30323-vulnerable",
|
|
"file": "cve_corpus/go/CVE-2022-30323/vulnerable.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"taint-unsanitised-flow (source 30:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"taint-unsanitised-flow (source 30:9)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2023-3188-patched",
|
|
"file": "cve_corpus/go/CVE-2023-3188/patched.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2023-3188-vulnerable",
|
|
"file": "cve_corpus/go/CVE-2023-3188/vulnerable.go",
|
|
"language": "go",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 84:13)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 84:13)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2024-31450-patched",
|
|
"file": "cve_corpus/go/CVE-2024-31450/patched.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-go-2024-31450-vulnerable",
|
|
"file": "cve_corpus/go/CVE-2024-31450/vulnerable.go",
|
|
"language": "go",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 62:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 62:11)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2015-7501-patched",
|
|
"file": "cve_corpus/java/CVE-2015-7501/patched.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2015-7501-vulnerable",
|
|
"file": "cve_corpus/java/CVE-2015-7501/vulnerable.java",
|
|
"language": "java",
|
|
"vuln_class": "deserialization",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 34:54)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"java.xss.getwriter_print"
|
|
],
|
|
"all_finding_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 34:54)",
|
|
"java.xss.getwriter_print"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2017-12629-patched",
|
|
"file": "cve_corpus/java/CVE-2017-12629/patched.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2017-12629-vulnerable",
|
|
"file": "cve_corpus/java/CVE-2017-12629/vulnerable.java",
|
|
"language": "java",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 29:21)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 29:21)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2022-1471-patched",
|
|
"file": "cve_corpus/java/CVE-2022-1471/patched.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2022-1471-vulnerable",
|
|
"file": "cve_corpus/java/CVE-2022-1471/vulnerable.java",
|
|
"language": "java",
|
|
"vuln_class": "deserialization",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.deser.snakeyaml_unsafe_constructor"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.deser.snakeyaml_unsafe_constructor"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2022-42889-patched",
|
|
"file": "cve_corpus/java/CVE-2022-42889/patched.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-java-2022-42889-vulnerable",
|
|
"file": "cve_corpus/java/CVE-2022-42889/vulnerable.java",
|
|
"language": "java",
|
|
"vuln_class": "code_exec",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.code_exec.text4shell_interpolator"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.code_exec.text4shell_interpolator"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-js-2019-14939-patched",
|
|
"file": "cve_corpus/javascript/CVE-2019-14939/patched.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-js-2019-14939-vulnerable",
|
|
"file": "cve_corpus/javascript/CVE-2019-14939/vulnerable.js",
|
|
"language": "javascript",
|
|
"vuln_class": "code_exec",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 24:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 24:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-js-2023-22621-patched",
|
|
"file": "cve_corpus/javascript/CVE-2023-22621/patched.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-js-2023-22621-vulnerable",
|
|
"file": "cve_corpus/javascript/CVE-2023-22621/vulnerable.js",
|
|
"language": "javascript",
|
|
"vuln_class": "code_exec",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 46:26)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 46:26)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-js-2025-64430-patched",
|
|
"file": "cve_corpus/javascript/CVE-2025-64430/patched.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-js-2025-64430-vulnerable",
|
|
"file": "cve_corpus/javascript/CVE-2025-64430/vulnerable.js",
|
|
"language": "javascript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 52:30)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 52:30)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-php-2017-9841-patched",
|
|
"file": "cve_corpus/php/CVE-2017-9841/patched.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-php-2017-9841-vulnerable",
|
|
"file": "cve_corpus/php/CVE-2017-9841/vulnerable.php",
|
|
"language": "php",
|
|
"vuln_class": "code_exec",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.code_exec.eval",
|
|
"taint-unsanitised-flow (source 21:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.code_exec.eval",
|
|
"taint-unsanitised-flow (source 21:9)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-php-2018-15133-patched",
|
|
"file": "cve_corpus/php/CVE-2018-15133/patched.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-php-2018-15133-vulnerable",
|
|
"file": "cve_corpus/php/CVE-2018-15133/vulnerable.php",
|
|
"language": "php",
|
|
"vuln_class": "deserialization",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 24:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 24:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2017-18342-patched",
|
|
"file": "cve_corpus/python/CVE-2017-18342/patched.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2017-18342-vulnerable",
|
|
"file": "cve_corpus/python/CVE-2017-18342/vulnerable.py",
|
|
"language": "python",
|
|
"vuln_class": "deserialization",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.deser.yaml_load",
|
|
"taint-unsanitised-flow (source 26:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.deser.yaml_load",
|
|
"taint-unsanitised-flow (source 26:11)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2023-48022-patched",
|
|
"file": "cve_corpus/python/CVE-2023-48022/patched.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2023-48022-vulnerable",
|
|
"file": "cve_corpus/python/CVE-2023-48022/vulnerable.py",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 26:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 26:12)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2025-69662-patched",
|
|
"file": "cve_corpus/python/CVE-2025-69662/patched.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2025-69662-vulnerable",
|
|
"file": "cve_corpus/python/CVE-2025-69662/vulnerable.py",
|
|
"language": "python",
|
|
"vuln_class": "sql_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 35:12)",
|
|
"py.sqli.text_format"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 35:12)",
|
|
"py.sqli.text_format"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2026-33626-patched",
|
|
"file": "cve_corpus/python/CVE-2026-33626/patched.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-py-2026-33626-vulnerable",
|
|
"file": "cve_corpus/python/CVE-2026-33626/vulnerable.py",
|
|
"language": "python",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 43:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 43:12)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2013-0156-patched",
|
|
"file": "cve_corpus/ruby/CVE-2013-0156/patched.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2013-0156-vulnerable",
|
|
"file": "cve_corpus/ruby/CVE-2013-0156/vulnerable.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "deserialization",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.deser.yaml_load"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink",
|
|
"rb.deser.yaml_load"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2020-8130-patched",
|
|
"file": "cve_corpus/ruby/CVE-2020-8130/patched.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2020-8130-vulnerable",
|
|
"file": "cve_corpus/ruby/CVE-2020-8130/vulnerable.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 37:16)",
|
|
"taint-unsanitised-flow (source 44:7)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 37:16)",
|
|
"taint-unsanitised-flow (source 44:7)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2021-21288-patched",
|
|
"file": "cve_corpus/ruby/CVE-2021-21288/patched.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2021-21288-vulnerable",
|
|
"file": "cve_corpus/ruby/CVE-2021-21288/vulnerable.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 64:29)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 64:29)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2023-38337-patched",
|
|
"file": "cve_corpus/ruby/CVE-2023-38337/patched.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rb-2023-38337-vulnerable",
|
|
"file": "cve_corpus/ruby/CVE-2023-38337/vulnerable.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 54:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 54:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2018-20997-patched",
|
|
"file": "cve_corpus/rust/CVE-2018-20997/patched.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2018-20997-vulnerable",
|
|
"file": "cve_corpus/rust/CVE-2018-20997/vulnerable.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 27:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 27:22)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2022-36113-patched",
|
|
"file": "cve_corpus/rust/CVE-2022-36113/patched.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2022-36113-vulnerable",
|
|
"file": "cve_corpus/rust/CVE-2022-36113/vulnerable.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 29:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 29:22)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2024-24576-patched",
|
|
"file": "cve_corpus/rust/CVE-2024-24576/patched.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "cve-rs-2024-24576-vulnerable",
|
|
"file": "cve_corpus/rust/CVE-2024-24576/vulnerable.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 27:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 27:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "cve-ts-2023-26159-patched",
|
|
"file": "cve_corpus/typescript/CVE-2023-26159/patched.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-ts-2023-26159-vulnerable",
|
|
"file": "cve_corpus/typescript/CVE-2023-26159/vulnerable.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 28:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 28:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-ts-2026-25544-patched",
|
|
"file": "cve_corpus/typescript/CVE-2026-25544/patched.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-ts-2026-25544-vulnerable",
|
|
"file": "cve_corpus/typescript/CVE-2026-25544/vulnerable.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 73:5)",
|
|
"taint-unsanitised-flow (source 72:20)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 73:5)",
|
|
"taint-unsanitised-flow (source 72:20)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-ts-ghsa-4x48-cgf9-q33f-patched",
|
|
"file": "cve_corpus/typescript/GHSA-4x48-cgf9-q33f/patched.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "cve-ts-ghsa-4x48-cgf9-q33f-vulnerable",
|
|
"file": "cve_corpus/typescript/GHSA-4x48-cgf9-q33f/vulnerable.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 50:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 50:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-auth-realrepo-001",
|
|
"file": "go/auth/vuln_repo_findbyid_no_auth.go",
|
|
"language": "go",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"go.auth.missing_ownership_check",
|
|
"go.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.auth.missing_ownership_check",
|
|
"go.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-001",
|
|
"file": "go/cmdi/cmdi_direct.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-002",
|
|
"file": "go/cmdi/cmdi_indirect.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-003",
|
|
"file": "go/cmdi_env/cmdi_env.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-004",
|
|
"file": "go/cmdi/cmdi_unvalidated_queue_element.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 13:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 13:22)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-cross-001",
|
|
"file": "go/cmdi/cross_source/",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"go.cmdi.exec_command",
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-cmdi-realrepo-001",
|
|
"file": "go/cmdi/vuln_error_log_then_sink.go",
|
|
"language": "go",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cfg-error-fallthrough",
|
|
"cfg-unguarded-sink",
|
|
"go.sqli.query_concat"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cfg-error-fallthrough",
|
|
"cfg-unguarded-sink",
|
|
"go.sqli.query_concat"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-data_exfil-001",
|
|
"file": "go/data_exfil/exfil_http_post_cookie_body.go",
|
|
"language": "go",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 11:10)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 11:10)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-fmt_string-001",
|
|
"file": "go/fmt_string/fmt_injection.go",
|
|
"language": "go",
|
|
"vuln_class": "fmt_string",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:9)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-interproc-001",
|
|
"file": "go/interprocedural/interproc_taint_propagation.go",
|
|
"language": "go",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 13:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 13:12)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-interproc-safe-001",
|
|
"file": "go/interprocedural/interproc_sanitizer_wrap.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path-002",
|
|
"file": "go/path_traversal/path_traversal_remove.go",
|
|
"language": "go",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 17:10)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"state-unauthed-access"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 17:10)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path-003",
|
|
"file": "go/path_traversal/path_traversal_ifinit.go",
|
|
"language": "go",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 27:13)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"state-unauthed-access"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 27:13)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path-safe-002",
|
|
"file": "go/path_traversal/safe_path_traversal_remove.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path-safe-003",
|
|
"file": "go/path_traversal/safe_path_traversal_ifinit.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path_traversal-001",
|
|
"file": "go/path_traversal/path_traversal.go",
|
|
"language": "go",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-path_traversal-cross-001",
|
|
"file": "go/path_traversal/cross_sanitizer/",
|
|
"language": "go",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-unauthed-access",
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-pathprune-safe-001",
|
|
"file": "go/path_pruning/safe_early_return.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-001",
|
|
"file": "go/safe/safe_constant.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-002",
|
|
"file": "go/safe/safe_dominated.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-003",
|
|
"file": "go/safe/safe_interprocedural.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-004",
|
|
"file": "go/safe/safe_non_security_sink.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-005",
|
|
"file": "go/safe/safe_reassigned.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-006",
|
|
"file": "go/safe/safe_sanitized.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-007",
|
|
"file": "go/safe/safe_type_check.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-008",
|
|
"file": "go/safe/safe_validated.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-009",
|
|
"file": "go/safe/safe_validated_queue_element.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-014",
|
|
"file": "go/safe/safe_direct_path_sanitizer.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-015",
|
|
"file": "go/safe/safe_tuple_path_sanitizer.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-016",
|
|
"file": "go/safe/safe_cross_function_dotdot.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-atoi-001",
|
|
"file": "go/safe/safe_strconv_atoi.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-data_exfil-001",
|
|
"file": "go/safe/safe_data_exfil_user_input_echo.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-fieldproj-phase3",
|
|
"file": "go/safe/safe_chained_receiver_field_proj.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-001",
|
|
"file": "go/safe/safe_error_log_only_function.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-002",
|
|
"file": "go/safe/safe_method_receiver_mutex.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-003",
|
|
"file": "go/safe/safe_const_bound_id.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-004",
|
|
"file": "go/safe/safe_chained_call_response_header.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-005",
|
|
"file": "go/safe/safe_self_method_receiver.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-006",
|
|
"file": "go/safe/safe_test_helper_fatal.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-016",
|
|
"file": "go/safe/safe_inner_call_close_in_arg.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-safe-realrepo-017",
|
|
"file": "go/safe/safe_struct_field_resource_owned_by_struct.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-sqli-001",
|
|
"file": "go/sqli/sqli_concat.go",
|
|
"language": "go",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"go.sqli.query_concat",
|
|
"taint-unsanitised-flow (source 9:8)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"go.auth.missing_ownership_check"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"go.auth.missing_ownership_check",
|
|
"go.sqli.query_concat",
|
|
"taint-unsanitised-flow (source 9:8)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-sqli-002",
|
|
"file": "go/sqli/sqli_sprintf.go",
|
|
"language": "go",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 10:8)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 10:8)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-sqli-003",
|
|
"file": "go/sqli/sqli_queryrow.go",
|
|
"language": "go",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"go.sqli.query_concat",
|
|
"taint-unsanitised-flow (source 9:8)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"go.auth.missing_ownership_check"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"go.auth.missing_ownership_check",
|
|
"go.sqli.query_concat",
|
|
"taint-unsanitised-flow (source 9:8)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-ssrf-001",
|
|
"file": "go/ssrf/ssrf_http_get.go",
|
|
"language": "go",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-ssrf-002",
|
|
"file": "go/ssrf/ssrf_new_request.go",
|
|
"language": "go",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-ssrf-004",
|
|
"file": "go/ssrf/ssrf_default_client_get.go",
|
|
"language": "go",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 12:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 12:9)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-ssrf-safe-001",
|
|
"file": "go/ssrf/safe_ssrf_hardcoded.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-ssrf-safe-002",
|
|
"file": "go/ssrf/safe_ssrf_default_client_get.go",
|
|
"language": "go",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-vuln-realrepo-018",
|
|
"file": "go/safe/vuln_resource_leak_no_close.go",
|
|
"language": "go",
|
|
"vuln_class": "resource",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"cfg-resource-leak"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"cfg-resource-leak"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-xss-001",
|
|
"file": "go/xss/xss_fprintf.go",
|
|
"language": "go",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-xss-002",
|
|
"file": "go/xss/xss_template_html.go",
|
|
"language": "go",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:11)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "go-xss-gin-001",
|
|
"file": "go/xss/xss_gin_source.go",
|
|
"language": "go",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:10)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-cmdi-001",
|
|
"file": "java/cmdi/CmdiDirect.java",
|
|
"language": "java",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-cmdi-002",
|
|
"file": "java/cmdi/CmdiIndirect.java",
|
|
"language": "java",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 5:23)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 5:23)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-code_injection-001",
|
|
"file": "java/code_injection/CodeInjection.java",
|
|
"language": "java",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.reflection.class_forname",
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.reflection.class_forname",
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-data_exfil-001",
|
|
"file": "java/data_exfil/DataExfilJdkHttpClient.java",
|
|
"language": "java",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 14:28)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 14:28)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-data_exfil-002",
|
|
"file": "java/data_exfil/DataExfilOkHttp.java",
|
|
"language": "java",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 14:33)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 14:33)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-deser-001",
|
|
"file": "java/deser/DeserOis.java",
|
|
"language": "java",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 6:55)",
|
|
"taint-unsanitised-flow (source 6:55)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"java.xss.getwriter_print"
|
|
],
|
|
"all_finding_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 6:55)",
|
|
"java.xss.getwriter_print",
|
|
"taint-unsanitised-flow (source 6:55)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-deser-002",
|
|
"file": "java/deser/DeserSource.java",
|
|
"language": "java",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 6:55)",
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 6:55)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"java.deser.readobject",
|
|
"taint-unsanitised-flow (source 6:55)",
|
|
"java.cmdi.runtime_exec",
|
|
"taint-unsanitised-flow (source 6:55)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-interproc-001",
|
|
"file": "java/interprocedural/InterprocTaintPropagation.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:25)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-resource-leak"
|
|
],
|
|
"all_finding_ids": [
|
|
"cfg-resource-leak",
|
|
"taint-unsanitised-flow (source 9:25)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-interproc-safe-001",
|
|
"file": "java/interprocedural/InterprocSanitizerWrap.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-path_traversal-001",
|
|
"file": "java/path_traversal/PathTraversal.java",
|
|
"language": "java",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-resource-leak"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-preauth-001",
|
|
"file": "java/auth/SafePreAuthorize.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-preauth-vuln-001",
|
|
"file": "java/auth/VulnNoPreAuthorize.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 11:23)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"java.xss.getwriter_print"
|
|
],
|
|
"all_finding_ids": [
|
|
"java.xss.getwriter_print",
|
|
"taint-unsanitised-flow (source 11:23)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-001",
|
|
"file": "java/safe/SafeConstant.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-002",
|
|
"file": "java/safe/SafeDominated.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-003",
|
|
"file": "java/safe/SafeInterprocedural.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-004",
|
|
"file": "java/safe/SafeNonSecuritySink.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-005",
|
|
"file": "java/safe/SafeReassigned.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-006",
|
|
"file": "java/safe/SafeSanitized.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-007",
|
|
"file": "java/safe/SafeTypeCheck.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-008",
|
|
"file": "java/safe/SafeValidated.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-014",
|
|
"file": "java/safe/SafeDirectPathSanitizer.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-015",
|
|
"file": "java/safe/SafeOptionalPathSanitizer.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-016",
|
|
"file": "java/safe/SafeCrossFunctionDotdot.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-prepared-001",
|
|
"file": "java/safe/safe_prepared_statement.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-realrepo-001",
|
|
"file": "java/safe/SafeLoggerIsEnabled.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-safe-realrepo-keycloak-001",
|
|
"file": "java/safe/SafeJpaParameterizedExecute.java",
|
|
"language": "java",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-sqli-001",
|
|
"file": "java/sqli/SqliConcat.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"java.sqli.execute_concat",
|
|
"taint-unsanitised-flow (source 6:21)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-resource-leak"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"cfg-resource-leak",
|
|
"java.sqli.execute_concat",
|
|
"taint-unsanitised-flow (source 6:21)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-sqli-002",
|
|
"file": "java/sqli/SqliFormat.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 6:21)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-resource-leak"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"cfg-resource-leak",
|
|
"taint-unsanitised-flow (source 6:21)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-sqli-realrepo-keycloak-001",
|
|
"file": "java/sqli/SqliJpaCreateQueryConcat.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-sqli-stmt-001",
|
|
"file": "java/sqli/sqli_statement_vs_prepared.java",
|
|
"language": "java",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 7:21)",
|
|
"taint-unsanitised-flow (source 7:21)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"java.sqli.execute_concat",
|
|
"java.xss.getwriter_print"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"java.sqli.execute_concat",
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 7:21)",
|
|
"java.xss.getwriter_print",
|
|
"taint-unsanitised-flow (source 7:21)"
|
|
],
|
|
"security_finding_count": 6,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-ssrf-001",
|
|
"file": "java/ssrf/SsrfRequest.java",
|
|
"language": "java",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 7:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 7:22)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-ssrf-002",
|
|
"file": "java/ssrf/SsrfHttpClient.java",
|
|
"language": "java",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:22)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "java-xss-001",
|
|
"file": "java/xss/XssReflected.java",
|
|
"language": "java",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:23)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:23)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-allowlist-dispatch-001",
|
|
"file": "javascript/safe/safe_switch_dispatch.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-auth-realrepo-001",
|
|
"file": "javascript/auth/safe_req_user_id_copy.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-cmdi-001",
|
|
"file": "javascript/cmdi/cmdi_direct.js",
|
|
"language": "javascript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-cmdi-002",
|
|
"file": "javascript/cmdi/cmdi_indirect.js",
|
|
"language": "javascript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-code_injection-001",
|
|
"file": "javascript/code_injection/code_injection.js",
|
|
"language": "javascript",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-code_injection-002",
|
|
"file": "javascript/code_injection/code_injection_indirect.js",
|
|
"language": "javascript",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"js.code_exec.new_function"
|
|
],
|
|
"all_finding_ids": [
|
|
"js.code_exec.new_function",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-data_exfil-001",
|
|
"file": "javascript/data_exfil/exfil_fetch_cookie_body.js",
|
|
"language": "javascript",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-data_exfil-002",
|
|
"file": "javascript/data_exfil/exfil_fetch_external_destination.js",
|
|
"language": "javascript",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-data_exfil-003",
|
|
"file": "javascript/data_exfil/exfil_xhr_send_header.js",
|
|
"language": "javascript",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-destructure-sanitize-001",
|
|
"file": "javascript/safe/safe_object_destructure_sanitize.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-destructure-vuln-001",
|
|
"file": "javascript/xss/vuln_object_destructure_no_sanitize.js",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:21)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:21)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-interproc-001",
|
|
"file": "javascript/interprocedural/interproc_taint_propagation.js",
|
|
"language": "javascript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 10:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 10:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-interproc-safe-001",
|
|
"file": "javascript/interprocedural/interproc_sanitizer_wrap.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-path_traversal-001",
|
|
"file": "javascript/path_traversal/path_traversal.js",
|
|
"language": "javascript",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-pathprune-safe-001",
|
|
"file": "javascript/path_pruning/safe_early_return.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-001",
|
|
"file": "javascript/safe/safe_constant.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-002",
|
|
"file": "javascript/safe/safe_dominated.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-003",
|
|
"file": "javascript/safe/safe_interprocedural.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-004",
|
|
"file": "javascript/safe/safe_non_security_sink.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-005",
|
|
"file": "javascript/safe/safe_reassigned.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-006",
|
|
"file": "javascript/safe/safe_sanitized.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-007",
|
|
"file": "javascript/safe/safe_type_check.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-008",
|
|
"file": "javascript/safe/safe_validated.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-014",
|
|
"file": "javascript/safe/safe_direct_path_sanitizer.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-015",
|
|
"file": "javascript/safe/safe_null_path_sanitizer.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-016",
|
|
"file": "javascript/safe/safe_cross_function_dotdot.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-021",
|
|
"file": "javascript/safe/safe_canonicalise_rooted_startsWith.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-022",
|
|
"file": "javascript/safe/safe_env_empty_fallback.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-data_exfil-001",
|
|
"file": "javascript/safe/safe_data_exfil_sanitizer_wrap.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-data_exfil-002",
|
|
"file": "javascript/safe/safe_data_exfil_user_input_echo.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-parseInt-001",
|
|
"file": "javascript/safe/safe_parseInt.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-realrepo-001",
|
|
"file": "javascript/safe/safe_dom_globals_and_methods.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-realrepo-002",
|
|
"file": "javascript/safe/safe_happy_path_error_check.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-safe-realrepo-006",
|
|
"file": "javascript/safe/safe_localised_gherkin_regex.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-sqli-001",
|
|
"file": "javascript/sqli/sqli_concat.js",
|
|
"language": "javascript",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-sqli-002",
|
|
"file": "javascript/sqli/sqli_template.js",
|
|
"language": "javascript",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-ssrf-001",
|
|
"file": "javascript/ssrf/ssrf_fetch.js",
|
|
"language": "javascript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-ssrf-002",
|
|
"file": "javascript/ssrf/ssrf_axios.js",
|
|
"language": "javascript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-ssrf-003",
|
|
"file": "javascript/ssrf/ssrf_http_get_chained.js",
|
|
"language": "javascript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-ssrf-safe-001",
|
|
"file": "javascript/ssrf/safe_ssrf_hardcoded.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-ssrf-safe-002",
|
|
"file": "javascript/ssrf/safe_http_get_hardcoded_chained.js",
|
|
"language": "javascript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-xss-001",
|
|
"file": "javascript/xss/xss_reflected.js",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-xss-002",
|
|
"file": "javascript/xss/xss_document_write.js",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.xss.document_write",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.xss.document_write",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-xss-003",
|
|
"file": "javascript/xss/xss_location.js",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.xss.location_assign",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.xss.location_assign",
|
|
"taint-unsanitised-flow (source 4:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-xss-cross-001",
|
|
"file": "javascript/xss/cross_propagation/",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.xss.document_write",
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.xss.document_write",
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "js-xss-react-001",
|
|
"file": "javascript/xss/xss_react_dangerously.js",
|
|
"language": "javascript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-cmdi-001",
|
|
"file": "php/cmdi/cmdi_direct.php",
|
|
"language": "php",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.cmdi.system",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.cmdi.system",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-cmdi-002",
|
|
"file": "php/cmdi/cmdi_indirect.php",
|
|
"language": "php",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.cmdi.system",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.cmdi.system",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-code_injection-001",
|
|
"file": "php/code_injection/code_injection.php",
|
|
"language": "php",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.code_exec.eval",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.code_exec.eval",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-code_injection-002",
|
|
"file": "php/code_injection/code_injection_assert.php",
|
|
"language": "php",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-crypto-001",
|
|
"file": "php/crypto/crypto_md5_password_hash.php",
|
|
"language": "php",
|
|
"vuln_class": "crypto",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"php.crypto.md5",
|
|
"php.crypto.sha1",
|
|
"php.crypto.sha1",
|
|
"php.crypto.md5",
|
|
"php.crypto.sha1"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.crypto.md5",
|
|
"php.crypto.sha1",
|
|
"php.crypto.sha1",
|
|
"php.crypto.md5",
|
|
"php.crypto.sha1"
|
|
],
|
|
"security_finding_count": 5,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-deser-001",
|
|
"file": "php/deser/deser_unserialize.php",
|
|
"language": "php",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 2:1)",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 2:1)",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-deser-002",
|
|
"file": "php/deser/deser_unserialize_allowed_true.php",
|
|
"language": "php",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 7:1)",
|
|
"taint-unsanitised-flow (source 7:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.deser.unserialize",
|
|
"taint-unsanitised-flow (source 7:1)",
|
|
"taint-unsanitised-flow (source 7:1)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-interproc-001",
|
|
"file": "php/interprocedural/interproc_taint_propagation.php",
|
|
"language": "php",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-interproc-safe-001",
|
|
"file": "php/interprocedural/interproc_sanitizer_wrap.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-isgranted-001",
|
|
"file": "php/auth/safe_isgranted.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-isgranted-vuln-001",
|
|
"file": "php/auth/vuln_no_isgranted.php",
|
|
"language": "php",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-path_traversal-001",
|
|
"file": "php/path_traversal/path_traversal.php",
|
|
"language": "php",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-path_traversal-002",
|
|
"file": "php/path_traversal/path_traversal_copy.php",
|
|
"language": "php",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-path_traversal-003",
|
|
"file": "php/path_traversal/path_traversal_concat.php",
|
|
"language": "php",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"php.path.include_variable"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"php.path.include_variable"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-001",
|
|
"file": "php/safe/safe_constant.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-002",
|
|
"file": "php/safe/safe_dominated.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-003",
|
|
"file": "php/safe/safe_interprocedural.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-004",
|
|
"file": "php/safe/safe_non_security_sink.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-005",
|
|
"file": "php/safe/safe_reassigned.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-006",
|
|
"file": "php/safe/safe_sanitized.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-007",
|
|
"file": "php/safe/safe_type_check.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-008",
|
|
"file": "php/safe/safe_validated.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-014",
|
|
"file": "php/safe/safe_direct_path_sanitizer.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-015",
|
|
"file": "php/safe/safe_nullable_path_sanitizer.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-016",
|
|
"file": "php/safe/safe_cross_function_dotdot.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-017",
|
|
"file": "php/safe/safe_unserialize_allowed_classes.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-018",
|
|
"file": "php/safe/safe_include_param_passthrough.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-019",
|
|
"file": "php/safe/safe_md5_sha1_non_crypto_use.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-safe-filter-001",
|
|
"file": "php/safe/safe_filter_input.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-sqli-001",
|
|
"file": "php/sqli/sqli_concat.php",
|
|
"language": "php",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-sqli-002",
|
|
"file": "php/sqli/sqli_sprintf.php",
|
|
"language": "php",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-sqli-pdo-001",
|
|
"file": "php/sqli/sqli_pdo_raw.php",
|
|
"language": "php",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-ssrf-001",
|
|
"file": "php/ssrf/ssrf_curl.php",
|
|
"language": "php",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)",
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-ssrf-safe-001",
|
|
"file": "php/ssrf/safe_ssrf_hardcoded.php",
|
|
"language": "php",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "php-xss-001",
|
|
"file": "php/xss/xss_reflected.php",
|
|
"language": "php",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:1)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-decorator-001",
|
|
"file": "python/safe/safe_login_required_decorator.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-decorator-vuln-001",
|
|
"file": "python/auth/vuln_no_auth_decorator.py",
|
|
"language": "python",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cfg-auth-gap"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cfg-auth-gap"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-001",
|
|
"file": "python/safe/safe_django_migration_token.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-002",
|
|
"file": "python/safe/safe_pytest_conftest_marker.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-003",
|
|
"file": "python/safe/safe_celery_task_no_user_input.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-004",
|
|
"file": "python/auth/vuln_token_override_django_handler.py",
|
|
"language": "python",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.auth.token_override_without_validation"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.auth.token_override_without_validation"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-005",
|
|
"file": "python/safe/safe_fastapi_route_dependencies_auth.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-006",
|
|
"file": "python/safe/safe_pytest_sqlalchemy_session.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-007",
|
|
"file": "python/safe/safe_fastapi_route_level_row_fetch.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-007",
|
|
"file": "python/auth/vuln_fastapi_route_no_dependencies.py",
|
|
"language": "python",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-008",
|
|
"file": "python/safe/safe_django_orm_caller_scoped_entity.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-009",
|
|
"file": "python/auth/vuln_user_id_param_no_auth.py",
|
|
"language": "python",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.auth.missing_ownership_check",
|
|
"py.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.auth.missing_ownership_check",
|
|
"py.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-auth-realrepo-010",
|
|
"file": "python/safe/safe_mock_patch_test_method.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-001",
|
|
"file": "python/cmdi/cmdi_direct.py",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-002",
|
|
"file": "python/cmdi/cmdi_indirect.py",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.subprocess_shell",
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.subprocess_shell",
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-cross-001",
|
|
"file": "python/cmdi/cross_propagation/",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 4:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 4:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-cross-002",
|
|
"file": "python/cmdi/cross_source/",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.subprocess_shell"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.subprocess_shell"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-cross-003",
|
|
"file": "python/cmdi/cross_sanitizer/",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 4:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 4:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-cross-004",
|
|
"file": "python/cmdi/cross_indirect_sink/",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:5)",
|
|
"py.cmdi.os_system"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 6:5)",
|
|
"cfg-unguarded-sink",
|
|
"py.cmdi.os_system"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-cmdi-popen-001",
|
|
"file": "python/cmdi/cmdi_popen_shell.py",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"py.cmdi.subprocess_shell"
|
|
],
|
|
"all_finding_ids": [
|
|
"py.cmdi.subprocess_shell",
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-code_injection-001",
|
|
"file": "python/code_injection/code_injection.py",
|
|
"language": "python",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.code_exec.eval",
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-code_injection-002",
|
|
"file": "python/code_injection/code_injection_exec.py",
|
|
"language": "python",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.code_exec.exec",
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.code_exec.exec",
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-context-sanitize-001",
|
|
"file": "python/safe/safe_with_context_sanitize.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-data_exfil-001",
|
|
"file": "python/data_exfil/exfil_requests_post_env_dict.py",
|
|
"language": "python",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 14:25)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 14:25)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-data_exfil-002",
|
|
"file": "python/data_exfil/exfil_httpx_async_post_env.py",
|
|
"language": "python",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 12:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 12:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-deser-001",
|
|
"file": "python/deser/deser_pickle.py",
|
|
"language": "python",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"py.deser.pickle_loads",
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"py.deser.pickle_loads",
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-interproc-001",
|
|
"file": "python/interprocedural/interproc_taint_propagation.py",
|
|
"language": "python",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"py.cmdi.os_system"
|
|
],
|
|
"all_finding_ids": [
|
|
"py.cmdi.os_system",
|
|
"taint-unsanitised-flow (source 8:9)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-interproc-safe-001",
|
|
"file": "python/interprocedural/interproc_sanitizer_wrap.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-path_traversal-001",
|
|
"file": "python/path_traversal/path_traversal.py",
|
|
"language": "python",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-pathprune-safe-001",
|
|
"file": "python/path_pruning/safe_early_return.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-001",
|
|
"file": "python/safe/safe_constant.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-002",
|
|
"file": "python/safe/safe_dominated.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-003",
|
|
"file": "python/safe/safe_interprocedural.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-004",
|
|
"file": "python/safe/safe_non_security_sink.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-005",
|
|
"file": "python/safe/safe_reassigned.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-006",
|
|
"file": "python/safe/safe_sanitized.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-007",
|
|
"file": "python/safe/safe_type_check.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-008",
|
|
"file": "python/safe/safe_validated.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-014",
|
|
"file": "python/safe/safe_direct_path_sanitizer.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-015",
|
|
"file": "python/safe/safe_optional_path_sanitizer.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-016",
|
|
"file": "python/safe/safe_cross_function_dotdot.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-022",
|
|
"file": "python/safe/safe_canonicalise_rooted_startswith.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-data_exfil-001",
|
|
"file": "python/safe/safe_data_exfil_user_input_echo.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-safe-int-001",
|
|
"file": "python/safe/safe_int_cast.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-sqli-001",
|
|
"file": "python/sqli/sqli_concat.py",
|
|
"language": "python",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-resource-leak",
|
|
"py.sqli.execute_format"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"cfg-resource-leak",
|
|
"py.sqli.execute_format",
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-sqli-002",
|
|
"file": "python/sqli/sqli_format.py",
|
|
"language": "python",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"state-resource-leak",
|
|
"py.sqli.execute_format",
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-resource-leak"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"cfg-resource-leak",
|
|
"py.sqli.execute_format",
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"security_finding_count": 4,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-ssrf-001",
|
|
"file": "python/ssrf/ssrf_requests.py",
|
|
"language": "python",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-ssrf-002",
|
|
"file": "python/ssrf/ssrf_httpx_post.py",
|
|
"language": "python",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:11)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-ssrf-safe-001",
|
|
"file": "python/ssrf/safe_ssrf_constant.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-validator-sentinel-001",
|
|
"file": "python/safe/safe_validator_sentinel.py",
|
|
"language": "python",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-validator-sentinel-vuln-001",
|
|
"file": "python/sqli/vuln_validator_sentinel_bypass.py",
|
|
"language": "python",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 17:11)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"state-resource-leak",
|
|
"py.sqli.execute_format"
|
|
],
|
|
"all_finding_ids": [
|
|
"state-resource-leak",
|
|
"py.sqli.execute_format",
|
|
"taint-unsanitised-flow (source 17:11)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-xss-001",
|
|
"file": "python/xss/xss_reflected.py",
|
|
"language": "python",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:12)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "py-xss-002",
|
|
"file": "python/xss/xss_template_string.py",
|
|
"language": "python",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:12)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-data_exfil-001",
|
|
"file": "ruby/data_exfil/exfil_net_http_post_cookie.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 7:9)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 7:9)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-interproc-001",
|
|
"file": "ruby/interprocedural/interproc_taint_propagation.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-interproc-safe-001",
|
|
"file": "ruby/interprocedural/interproc_sanitizer_wrap.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-safe-014",
|
|
"file": "ruby/safe/safe_direct_path_sanitizer.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-safe-015",
|
|
"file": "ruby/safe/safe_nil_path_sanitizer.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-safe-016",
|
|
"file": "ruby/safe/safe_cross_function_dotdot.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-safe-021",
|
|
"file": "ruby/safe/safe_canonicalise_rooted_unless.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rb-safe-data_exfil-001",
|
|
"file": "ruby/safe/safe_data_exfil_user_input_echo.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-001",
|
|
"file": "rust/auth/actix_scoped_write_missing.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-002",
|
|
"file": "rust/auth/true_positive_missing_check.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-003",
|
|
"file": "rust/auth/row_ownership_no_early_exit.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-101",
|
|
"file": "rust/auth/hashmap_local_noise.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-102",
|
|
"file": "rust/auth/helper_scoped_params.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-103",
|
|
"file": "rust/auth/row_ownership_equality.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-104",
|
|
"file": "rust/auth/self_scoped_user.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-105",
|
|
"file": "rust/auth/db_connection_type_inferred.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-auth-106",
|
|
"file": "rust/auth/sql_join_acl.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-107",
|
|
"file": "rust/auth/transitive_helper.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-108",
|
|
"file": "rust/auth/row_fetch_then_authorize.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo",
|
|
"rs.quality.todo"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-auth-109",
|
|
"file": "rust/auth/predicate_role_check.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-auth-110",
|
|
"file": "rust/auth/unsafe_row_fetch_no_authz.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check",
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo",
|
|
"rs.quality.todo",
|
|
"rs.auth.missing_ownership_check",
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-auth-dto-int-field-001",
|
|
"file": "rust/auth/safe_dto_int_field_axum.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-dto-string-field-001",
|
|
"file": "rust/auth/unsafe_dto_string_field_axum.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-001",
|
|
"file": "rust/auth/self_actor_uid_copy.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-002",
|
|
"file": "rust/auth/require_resource_role_helper.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-003",
|
|
"file": "rust/auth/self_publish_email.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-006",
|
|
"file": "rust/auth/safe_row_population_reverse_walk.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo",
|
|
"rs.quality.todo"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-007",
|
|
"file": "rust/auth/safe_row_fetch_multiline_let.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-008",
|
|
"file": "rust/auth/unsafe_row_population_no_check.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check",
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo",
|
|
"rs.auth.missing_ownership_check",
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-009",
|
|
"file": "rust/auth/safe_local_user_view_extractor.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-010",
|
|
"file": "rust/auth/unsafe_local_user_view_extractor.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-011",
|
|
"file": "rust/auth/safe_param_type_segment_idents.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-012",
|
|
"file": "rust/auth/safe_local_collection_param_types.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-013",
|
|
"file": "rust/auth/unsafe_handler_local_collection_does_not_blanket_suppress.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-014",
|
|
"file": "rust/auth/safe_actix_guarded_data_extractor.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-015",
|
|
"file": "rust/auth/unsafe_actix_no_guarded_data_extractor.rs",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.todo",
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-016",
|
|
"file": "rust/safe/safe_non_web_rust_project",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-realrepo-017",
|
|
"file": "rust/auth/unsafe_actix_web_project_no_check",
|
|
"language": "rust",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-auth-typed-extractors-001",
|
|
"file": "rust/auth/safe_typed_path_int_extractor.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-001",
|
|
"file": "rust/cmdi/cmdi_command.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-002",
|
|
"file": "rust/cmdi/cmdi_command_output.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-003",
|
|
"file": "rust/cmdi/cmdi_indirect.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:17)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink",
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 9:17)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-004",
|
|
"file": "rust/cmdi/cmdi_args.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:20)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:20)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-005",
|
|
"file": "rust/cmdi/cmdi_format_macro.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-006",
|
|
"file": "rust/cmdi/cmdi_match_source.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:22)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-007",
|
|
"file": "rust/cmdi/cmdi_string_concat.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-008",
|
|
"file": "rust/cmdi/cmdi_static_map_dangerous.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 6:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 6:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-009",
|
|
"file": "rust/cmdi/cmdi_indirect_multisink.rs",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 11:13)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-unguarded-sink",
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink",
|
|
"rs.quality.unwrap",
|
|
"cfg-unguarded-sink",
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 11:13)"
|
|
],
|
|
"security_finding_count": 3,
|
|
"non_security_finding_count": 4
|
|
},
|
|
{
|
|
"case_id": "rs-cmdi-cross-001",
|
|
"file": "rust/cmdi/cross_propagation/",
|
|
"language": "rust",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:17)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 7:17)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-data_exfil-001",
|
|
"file": "rust/data_exfil/exfil_reqwest_form_env.rs",
|
|
"language": "rust",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 5:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-data-exfiltration (source 5:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-deser-001",
|
|
"file": "rust/deser/deser_serde_yaml.rs",
|
|
"language": "rust",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 8:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-001",
|
|
"file": "rust/path_traversal/path_read.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-002",
|
|
"file": "rust/path_traversal/path_write.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-003",
|
|
"file": "rust/path_traversal/path_file_open.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-004",
|
|
"file": "rust/path_traversal/path_file_create.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-005",
|
|
"file": "rust/path_traversal/path_remove.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-path-006",
|
|
"file": "rust/traversal/traversal_no_sanitizer.rs",
|
|
"language": "rust",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 10:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 10:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-001",
|
|
"file": "rust/safe/safe_constant.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-002",
|
|
"file": "rust/safe/safe_sanitized_shell.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-003",
|
|
"file": "rust/safe/safe_reassigned.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-004",
|
|
"file": "rust/safe/safe_validated.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.panic_macro",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 3
|
|
},
|
|
{
|
|
"case_id": "rs-safe-005",
|
|
"file": "rust/safe/safe_hardcoded_url.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "rs-safe-006",
|
|
"file": "rust/safe/safe_type_check.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.expect",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 3
|
|
},
|
|
{
|
|
"case_id": "rs-safe-007",
|
|
"file": "rust/safe/safe_interprocedural.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-008",
|
|
"file": "rust/safe/safe_dominated.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-009",
|
|
"file": "rust/safe/safe_shell_metachar.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-009",
|
|
"file": "rust/safe/safe_match_guard.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-010",
|
|
"file": "rust/safe/safe_static_map_lookup.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-safe-011",
|
|
"file": "rust/safe/safe_parsed_port.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.expect",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 3
|
|
},
|
|
{
|
|
"case_id": "rs-safe-012",
|
|
"file": "rust/safe/safe_path_contains_dotdot.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-014",
|
|
"file": "rust/safe/safe_option_sanitizer.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-015",
|
|
"file": "rust/safe/safe_path_is_absolute.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-016",
|
|
"file": "rust/safe/safe_cross_function_dotdot.rs",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-safe-cross-001",
|
|
"file": "rust/cmdi/cross_sanitizer/",
|
|
"language": "rust",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "rs-sqli-001",
|
|
"file": "rust/sqli/sqli_rusqlite_format.rs",
|
|
"language": "rust",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 3
|
|
},
|
|
{
|
|
"case_id": "rs-sqli-002",
|
|
"file": "rust/sqli/sqli_metachar_gate_wrong_sink.rs",
|
|
"language": "rust",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 5:19)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 3
|
|
},
|
|
{
|
|
"case_id": "rs-ssrf-001",
|
|
"file": "rust/ssrf/ssrf_reqwest.rs",
|
|
"language": "rust",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 4:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-ssrf-002",
|
|
"file": "rust/ssrf/ssrf_indirect.rs",
|
|
"language": "rust",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:18)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 8:18)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-ssrf-003",
|
|
"file": "rust/ssrf/ssrf_client_builder.rs",
|
|
"language": "rust",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:15)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rs.quality.unwrap",
|
|
"taint-unsanitised-flow (source 4:15)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "rs-xss-001",
|
|
"file": "rust/xss/axum_html/",
|
|
"language": "rust",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 3:16)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 3:16)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-auth-missing-post-fetch-001",
|
|
"file": "ruby/auth/auth_missing_post_fetch_check.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-before-action-001",
|
|
"file": "ruby/auth/safe_before_action.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-cmdi-001",
|
|
"file": "ruby/cmdi/cmdi_system.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.cmdi.system_interp",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.cmdi.system_interp",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-cmdi-002",
|
|
"file": "ruby/cmdi/cmdi_backtick.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.cmdi.backtick",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.cmdi.backtick",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-cmdi-003",
|
|
"file": "ruby/cmdi/cmdi_kernel_open.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 10:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 10:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-code_injection-001",
|
|
"file": "ruby/code_injection/code_injection_eval.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.code_exec.eval",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.code_exec.eval",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-deser-001",
|
|
"file": "ruby/deser/deser_marshal.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.deser.marshal_load",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.deser.marshal_load",
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-deser-002",
|
|
"file": "ruby/deser/deser_yaml.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "deser",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"rb.deser.yaml_load",
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"rb.deser.yaml_load",
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-path_traversal-001",
|
|
"file": "ruby/path_traversal/path_traversal_send_file.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-path_traversal-002",
|
|
"file": "ruby/path_traversal/path_traversal_yaml_load_file_read.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 3:1)",
|
|
"taint-unsanitised-flow (source 7:1)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 3:1)",
|
|
"taint-unsanitised-flow (source 7:1)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-001",
|
|
"file": "ruby/safe/safe_constant.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-002",
|
|
"file": "ruby/safe/safe_dominated.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-003",
|
|
"file": "ruby/safe/safe_interprocedural.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-004",
|
|
"file": "ruby/safe/safe_non_security_sink.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-005",
|
|
"file": "ruby/safe/safe_reassigned.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-006",
|
|
"file": "ruby/safe/safe_sanitized.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-007",
|
|
"file": "ruby/safe/safe_type_check.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-008",
|
|
"file": "ruby/safe/safe_validated.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-009",
|
|
"file": "ruby/safe/safe_kernel_open_file_namespaced.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-ar-query-shapes-001",
|
|
"file": "ruby/safe/safe_active_record_query_shapes.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-post-fetch-ownership-001",
|
|
"file": "ruby/safe/safe_post_fetch_ownership_check.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-safe-strong-params-001",
|
|
"file": "ruby/safe/safe_strong_params.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-sqli-001",
|
|
"file": "ruby/sqli/sqli_find_by_sql.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-sqli-002",
|
|
"file": "ruby/sqli/sqli_execute.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-sqli-where-chained-interp-001",
|
|
"file": "ruby/sqli/sqli_where_chained_interpolation.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-sqli-where-string-interp-001",
|
|
"file": "ruby/sqli/sqli_where_string_interpolation.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-ssrf-001",
|
|
"file": "ruby/ssrf/ssrf_httparty.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-ssrf-002",
|
|
"file": "ruby/ssrf/ssrf_net_http.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-ssrf-003",
|
|
"file": "ruby/ssrf/ssrf_open_uri.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 4:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-ssrf-safe-001",
|
|
"file": "ruby/ssrf/safe_ssrf_hardcoded.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-xss-001",
|
|
"file": "ruby/xss/xss_html_safe.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ruby-xss-002",
|
|
"file": "ruby/xss/xss_raw.rb",
|
|
"language": "ruby",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 2:3)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-001",
|
|
"file": "typescript/auth/safe_session_user_id_copy.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-002",
|
|
"file": "typescript/auth/vuln_target_user_id_no_check.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"js.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.quality.any_annotation",
|
|
"ts.quality.any_annotation",
|
|
"js.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 2
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-003",
|
|
"file": "typescript/auth/safe_destructured_session_user.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-004",
|
|
"file": "typescript/auth/safe_trpc_ctx_user_options.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-005",
|
|
"file": "typescript/auth/vuln_trpc_ctx_input_id_no_check.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"js.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-006",
|
|
"file": "typescript/auth/safe_local_collection_receiver.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-auth-realrepo-007",
|
|
"file": "typescript/auth/vuln_local_collection_does_not_blanket_suppress.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "auth",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"js.auth.missing_ownership_check",
|
|
"js.auth.missing_ownership_check"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"js.auth.missing_ownership_check",
|
|
"js.auth.missing_ownership_check"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-cmdi-001",
|
|
"file": "typescript/cmdi/cmdi_exec_template.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-cmdi-002",
|
|
"file": "typescript/cmdi/cmdi_async_wrapper.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:5)",
|
|
"taint-unsanitised-flow (source 9:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:5)",
|
|
"taint-unsanitised-flow (source 9:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-code_injection-001",
|
|
"file": "typescript/code_injection/code_exec_eval.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)",
|
|
"ts.code_exec.eval"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)",
|
|
"ts.code_exec.eval"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-code_injection-002",
|
|
"file": "typescript/code_injection/code_exec_new_function.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "code_injection",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.code_exec.new_function",
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.code_exec.new_function",
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-crypto-001",
|
|
"file": "typescript/crypto/weak_hash_md5.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "crypto",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.crypto.weak_hash_import"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.crypto.weak_hash_import"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-data_exfil-001",
|
|
"file": "typescript/data_exfil/exfil_fetch_cookie_body.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-data_exfil-002",
|
|
"file": "typescript/data_exfil/exfil_fetch_header_body.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "data_exfil",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-data-exfiltration (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-data-exfiltration (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-iife-closure-001",
|
|
"file": "typescript/safe/safe_iife_closure_sanitizer.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-iife-closure-vuln-001",
|
|
"file": "typescript/xss/vuln_iife_closure_no_sanitizer.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 15:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 15:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-insecure_config-001",
|
|
"file": "typescript/insecure_config/reject_unauthorized.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "insecure_config",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.config.reject_unauthorized"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.config.reject_unauthorized"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-insecure_config-002",
|
|
"file": "typescript/insecure_config/cookie_httponly.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "insecure_config",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.config.insecure_session_httponly"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"ts.secrets.hardcoded_secret"
|
|
],
|
|
"all_finding_ids": [
|
|
"ts.secrets.hardcoded_secret",
|
|
"ts.config.insecure_session_httponly"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-interproc-001",
|
|
"file": "typescript/interprocedural/interproc_class_method.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 14:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 14:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-open_redirect-001",
|
|
"file": "typescript/open_redirect/location_href.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)",
|
|
"ts.xss.location_assign"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)",
|
|
"ts.xss.location_assign"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-path_traversal-001",
|
|
"file": "typescript/path_traversal/path_traversal_sendfile.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "path_traversal",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-prototype-001",
|
|
"file": "typescript/prototype/proto_assignment.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "prototype",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.prototype.proto_assignment"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.prototype.proto_assignment",
|
|
"ts.quality.as_any"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "ts-safe-001",
|
|
"file": "typescript/safe/safe_dompurify.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-002",
|
|
"file": "typescript/safe/safe_number_coerce.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-003",
|
|
"file": "typescript/safe/safe_encode_uri.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-004",
|
|
"file": "typescript/safe/safe_hardcoded_url.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-005",
|
|
"file": "typescript/safe/safe_validator_escape.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-006",
|
|
"file": "typescript/safe/safe_typeof_guard.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-007",
|
|
"file": "typescript/safe/safe_interproc_sanitizer.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-008",
|
|
"file": "typescript/safe/safe_constant_query.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-009",
|
|
"file": "typescript/safe/safe_parameterized.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-010",
|
|
"file": "typescript/safe/safe_jsx_text.tsx",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-014",
|
|
"file": "typescript/safe/safe_direct_path_sanitizer.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-015",
|
|
"file": "typescript/safe/safe_null_path_sanitizer.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-016",
|
|
"file": "typescript/safe/safe_cross_function_dotdot.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-017",
|
|
"file": "typescript/safe/safe_strapi_db_query_chain.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.quality.any_annotation"
|
|
],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "ts-safe-018",
|
|
"file": "typescript/safe/safe_indirect_validator.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-019",
|
|
"file": "typescript/safe/safe_helper_with_validator.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-020",
|
|
"file": "typescript/safe/safe_env_empty_fallback.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-safe-021",
|
|
"file": "typescript/safe/safe_validated_helper_chain.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "safe",
|
|
"is_vulnerable": false,
|
|
"outcome_file_level": "TN",
|
|
"outcome_rule_level": "TN",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [],
|
|
"security_finding_count": 0,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-secrets-001",
|
|
"file": "typescript/secrets/fallback_secret.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "secrets",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"ts.secrets.fallback_secret"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.secrets.fallback_secret"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-sqli-001",
|
|
"file": "typescript/sqli/sqli_template_literal.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-sqli-002",
|
|
"file": "typescript/sqli/sqli_prisma_raw.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:5)",
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:5)",
|
|
"taint-unsanitised-flow (source 8:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-sqli-003",
|
|
"file": "typescript/sqli/sqli_db_query_concat.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "sqli",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": null,
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 15:5)",
|
|
"taint-unsanitised-flow (source 21:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.quality.any_annotation",
|
|
"ts.quality.any_annotation",
|
|
"taint-unsanitised-flow (source 15:5)",
|
|
"taint-unsanitised-flow (source 21:5)",
|
|
"ts.quality.any_annotation"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 3
|
|
},
|
|
{
|
|
"case_id": "ts-ssrf-001",
|
|
"file": "typescript/ssrf/ssrf_axios_user_url.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-ssrf-002",
|
|
"file": "typescript/ssrf/ssrf_fastify_fetch.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 8:5)",
|
|
"taint-unsanitised-flow (source 7:52)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 8:5)",
|
|
"taint-unsanitised-flow (source 7:52)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-ssrf-003",
|
|
"file": "typescript/ssrf/ssrf_encoded_host.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "ssrf",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-type_system-001",
|
|
"file": "typescript/type_system/discriminated_union_narrow.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"cfg-unguarded-sink",
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink",
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-type_system-002",
|
|
"file": "typescript/type_system/interface_dispatch.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 18:5)"
|
|
],
|
|
"unexpected_rule_ids": [
|
|
"cfg-unguarded-sink"
|
|
],
|
|
"all_finding_ids": [
|
|
"cfg-unguarded-sink",
|
|
"taint-unsanitised-flow (source 18:5)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-type_system-003",
|
|
"file": "typescript/type_system/decorator_passthrough.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "cmdi",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 14:5)",
|
|
"taint-unsanitised-flow (source 22:13)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 14:5)",
|
|
"taint-unsanitised-flow (source 22:13)"
|
|
],
|
|
"security_finding_count": 2,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-xss-001",
|
|
"file": "typescript/xss/xss_typed_innerhtml.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-xss-002",
|
|
"file": "typescript/xss/xss_as_any_cast.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"ts.quality.as_any",
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 1
|
|
},
|
|
{
|
|
"case_id": "ts-xss-003",
|
|
"file": "typescript/xss/xss_generic_identity.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 9:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 9:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-xss-004",
|
|
"file": "typescript/xss/xss_optional_chain_source.ts",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 5:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
},
|
|
{
|
|
"case_id": "ts-xss-005",
|
|
"file": "typescript/xss/xss_dangerously_set_inner_html.tsx",
|
|
"language": "typescript",
|
|
"vuln_class": "xss",
|
|
"is_vulnerable": true,
|
|
"outcome_file_level": "TP",
|
|
"outcome_rule_level": "TP",
|
|
"outcome_location_level": "TP",
|
|
"matched_rule_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"unexpected_rule_ids": [],
|
|
"all_finding_ids": [
|
|
"taint-unsanitised-flow (source 7:5)"
|
|
],
|
|
"security_finding_count": 1,
|
|
"non_security_finding_count": 0
|
|
}
|
|
],
|
|
"aggregate_file_level": {
|
|
"tp": 250,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 256,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"aggregate_rule_level": {
|
|
"tp": 250,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 256,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"by_language": {
|
|
"c": {
|
|
"tp": 16,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 16,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"cpp": {
|
|
"tp": 19,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 16,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"go": {
|
|
"tp": 27,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 32,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"java": {
|
|
"tp": 21,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 20,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"javascript": {
|
|
"tp": 23,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 29,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"php": {
|
|
"tp": 19,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 20,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"python": {
|
|
"tp": 29,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 32,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"ruby": {
|
|
"tp": 24,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 24,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"rust": {
|
|
"tp": 37,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 41,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"typescript": {
|
|
"tp": 35,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 26,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
}
|
|
},
|
|
"by_vuln_class": {
|
|
"auth": {
|
|
"tp": 19,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"buffer_overflow": {
|
|
"tp": 7,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"cmdi": {
|
|
"tp": 57,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"code_exec": {
|
|
"tp": 4,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"code_injection": {
|
|
"tp": 10,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"crypto": {
|
|
"tp": 2,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"data_exfil": {
|
|
"tp": 13,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"deser": {
|
|
"tp": 8,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"deserialization": {
|
|
"tp": 5,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"fmt_string": {
|
|
"tp": 5,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"insecure_config": {
|
|
"tp": 2,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"memory_safety": {
|
|
"tp": 3,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"path_traversal": {
|
|
"tp": 27,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"prototype": {
|
|
"tp": 1,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"resource": {
|
|
"tp": 1,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"safe": {
|
|
"tp": 0,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 256,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"secrets": {
|
|
"tp": 1,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"sql_injection": {
|
|
"tp": 1,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"sqli": {
|
|
"tp": 31,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"ssrf": {
|
|
"tp": 30,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
},
|
|
"xss": {
|
|
"tp": 23,
|
|
"fp": 0,
|
|
"fn_": 0,
|
|
"tn": 0,
|
|
"precision": 1.0,
|
|
"recall": 1.0,
|
|
"f1": 1.0
|
|
}
|
|
},
|
|
"by_confidence": {
|
|
">=High": {
|
|
"tp": 81,
|
|
"fp": 105,
|
|
"fn_": 169,
|
|
"tn": 151,
|
|
"precision": 0.43548387096774194,
|
|
"recall": 0.324,
|
|
"f1": 0.37155963302752293
|
|
},
|
|
">=Low": {
|
|
"tp": 87,
|
|
"fp": 124,
|
|
"fn_": 163,
|
|
"tn": 132,
|
|
"precision": 0.41232227488151657,
|
|
"recall": 0.348,
|
|
"f1": 0.3774403470715834
|
|
},
|
|
">=Medium": {
|
|
"tp": 87,
|
|
"fp": 118,
|
|
"fn_": 163,
|
|
"tn": 138,
|
|
"precision": 0.424390243902439,
|
|
"recall": 0.348,
|
|
"f1": 0.3824175824175824
|
|
}
|
|
}
|
|
} |