From 2fa04a8d699dd8dc211d229184469204dfee995d Mon Sep 17 00:00:00 2001 From: bidaya0 Date: Wed, 14 Jun 2023 15:40:06 +0800 Subject: [PATCH] feat: add new strategy . --- static/data/java_full_policy.json | 4458 ++++++++++++++++++----------- static/data/java_policy.json | 2579 +++++++++++------ 2 files changed, 4575 insertions(+), 2462 deletions(-) diff --git a/static/data/java_full_policy.json b/static/data/java_full_policy.json index 147d90de3..f4c1f88eb 100644 --- a/static/data/java_full_policy.json +++ b/static/data/java_full_policy.json @@ -416,6 +416,24 @@ }, { "details": [ + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "language": 1, + "source": "P1", + "stack_blacklist": [], + "system_type": 1, + "tags": [], + "target": "", + "track": "true", + "type": 4, + "untags": [], + "value": "jakarta.naming.Context.lookup(java.lang.String)" + }, { "command": "", "created_by": 1, @@ -1840,6 +1858,35 @@ "type": 1, "value": "String" }, + { + "details": [ + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "language": 1, + "source": "P1", + "stack_blacklist": [], + "system_type": 1, + "tags": [ + "xml-encoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "xml-decoded" + ], + "value": "org.thymeleaf.util.DOMUtils.escapeXml(char[], boolean)" + } + ], + "enable": 1, + "type": 1, + "value": "String" + }, { "details": [ { 
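Review bot: The sink added in hunk `@@ -416,6 +416,24 @@`, `jakarta.naming.Context.lookup(java.lang.String)`, names a class that as far as I know does not exist. JNDI lives in `javax.naming` as part of Java SE and was not moved to the `jakarta.*` namespace with Jakarta EE 9, so this looks like a mechanical javax-to-jakarta substitution. A rule that can never match only gives the appearance of coverage; I would drop the entry, or name the runtime that ships such a class in the commit message. The enclosing `details` array continues outside the hunk, so I cannot confirm that the `javax.naming.Context.lookup` rule is already present.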
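Review bot: The signature in hunk `@@ -1840,6 +1858,35 @@` is written `escapeXml(char[], boolean)` with a space after the comma, while every other multi-argument signature visible in this patch omits it (for example `start(java.lang.String[],java.util.Map,java.lang.String,boolean)`). If the agent compares signatures as exact strings, which I cannot see from here, this rule never fires; I would write `"value": "org.thymeleaf.util.DOMUtils.escapeXml(char[],boolean)"`. Separately, the rule tags every return value `xml-encoded`. If the boolean argument selects whether quotes are escaped (worth confirming against the Thymeleaf source), calls that leave quotes unescaped would also clear taint for attribute contexts.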
@@ -3966,6 +4013,42 @@ }, { "details": [ + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "language": 1, + "source": "P1", + "stack_blacklist": [], + "system_type": 1, + "tags": [], + "target": "", + "track": "true", + "type": 4, + "untags": [], + "value": "java.awt.Desktop.browse(java.net.URI)" + }, + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "language": 1, + "source": "P1", + "stack_blacklist": [], + "system_type": 1, + "tags": [], + "target": "", + "track": "true", + "type": 4, + "untags": [], + "value": "java.lang.ProcessImpl.start(java.lang.String[],java.util.Map,java.lang.String,boolean)" + }, { "command": "", "created_by": 1, @@ -4622,11 +4705,15 @@ "inherit": "false", "language": 1, "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "com.ibm.ejs.util.am._Alarm.run", + "com.ibm.crypto.provider.PKCS12KeyStore.engineLoad", + "util.StateUtils.encrypt" + ], "system_type": 1, "tags": [], "target": "", - "track": "false", + "track": "true", "type": 4, "untags": [], "value": "javax.crypto.Cipher.getInstance(java.lang.String)" @@ -4658,11 +4745,13 @@ "inherit": "false", "language": 1, "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "com.ca.siteminder" + ], "system_type": 1, "tags": [], "target": "", - "track": "false", + "track": "true", "type": 4, "untags": [], "value": "javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider)" 
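Review bot: The second entry added in hunk `@@ -3966,6 +4013,42 @@` hooks `java.lang.ProcessImpl.start(java.lang.String[],java.util.Map,java.lang.String,boolean)`, a four-argument form that, as far as I know, only exists on JDK 6 and earlier. From JDK 7 on the method takes an extra `java.lang.ProcessBuilder$Redirect[]` parameter before the boolean, so on current runtimes this sink would silently not be instrumented. I would add a second entry for the five-argument signature, spelled however this policy file writes nested array types, and keep the old one only if JDK 6 targets are still supported. The `details` array this hunk extends starts and ends outside the hunk, so the vulnerability group it belongs to is not visible here.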
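Review bot: Several of the `stack_blacklist` values introduced from hunk `@@ -4622,11 +4705,15 @@` onwards are too loosely scoped for suppression rules. Examples are `util.StateUtils.encrypt` here, `com.ca.siteminder` in `@@ -4658,11 +4745,13 @@`, and in later hunks bare names such as `JITCompiler`, `maybeNotModified`, `getRandomSample` and `java.util.Hashtable`. The same commit flips `track` to `"true"` on these weak-cipher, weak-hash and weak-random rules, so the blacklist is now the only thing deciding which findings are dropped. If entries are matched as substrings of stack frames (the matcher is not visible in this patch), any application frame containing one of these names suppresses a genuine finding. I would fully qualify each entry as `package.Class.method` and document the matching semantics next to the policy file.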
@@ -4683,11 +4772,44 @@ "inherit": "false", "language": 1, "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "com.mysql.jdbc", + "org.skife.jdbi.v2.Query", + "com.amazonaws.services.s3.AmazonS3Client.putObject", + "com.ibm.crypto.provider.PKCS12KeyStore.engineLoad", + "com.ibm.ws.security.ltpa.LTPAToken2.getBytes", + "com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake", + "com.jcraft.jsch.Session.connect", + "com.microsoft.sqlserver.jdbc.TDSChannel.enableSS", + "com.newrelic.agent", + "com.compuware.apm.agent", + "asset.pipeline.AssetPipeline.serveUncompiledAsset", + "controllers.AssetsBuilder", + "JITCompiler", + "java.security.SecureRandom", + "java.util.jar.JarVerifier", + "javax.crypto.JarVerifier", + "jakarta.crypto.JarVerifier", + "maybeNotModified", + "oracle.jdbc.driver", + "java.security.Signature.initVerify", + "oracle.jdbc.xa.client.OracleXADataSource.getXAConnection", + "org.eclipse.jetty.io.ssl.SslConnection", + "org.springframework.web.client.RestTemplate", + "org.thymeleaf.spring4.view.ThymeleafView.render", + "play.api.libs.Codecs$", + "play.api.mvc.CookieBaker", + "play.router.RoutesCompiler", + "play.PlaySourceGenerators", + "sbt.compiler", + "sbt.inc.Stamp", + "org.jets3t.service.utils.ServiceUtils.signWithHmacSha1", + "org.jboss.resteasy.spi.ResteasyDeployment.start" + ], "system_type": 1, "tags": [], "target": "", - "track": "false", + "track": "true", "type": 4, "untags": [], "value": "java.security.MessageDigest.getInstance(java.lang.String)" @@ -4701,11 +4823,15 @@ "inherit": "false", "language": 1, "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "java.security.SecureRandom", + "java.util.jar.JarVerifier", + "com.microsoft.sqlserver.jdbc.TDSChannel.enableSS" + ], "system_type": 1, "tags": [], "target": "", - "track": "false", + "track": "true", "type": 4, "untags": [], "value": "java.security.MessageDigest.getInstance(java.lang.String,java.lang.String)" 
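Review bot: Two `stack_blacklist` entries added in hunk `@@ -4683,11 +4772,44 @@` look wrong rather than merely broad. `jakarta.crypto.JarVerifier` names a package that, as far as I know, does not exist: `javax.crypto` is part of the JDK and was not renamed by Jakarta EE, so the entry is dead and `javax.crypto.JarVerifier` on the line above already covers the case. `com.microsoft.sqlserver.jdbc.TDSChannel.enableSS` looks truncated (presumably `enableSSL`), and the same string appears again in hunk `@@ -4701,11 +4823,15 @@`. It only works if matching is by prefix, so I would spell the full method name or note that prefix matching is intended.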
@@ -4719,11 +4845,14 @@ "inherit": "false", "language": 1, "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "java.security.SecureRandom", + "java.util.jar.JarVerifier" + ], "system_type": 1, "tags": [], "target": "", - "track": "false", + "track": "true", "type": 4, "untags": [], "value": "java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)" @@ -4797,12 +4926,14 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "", - "stack_blacklist": [], + "source": "O", + "stack_blacklist": [ + "weblogic.work.IncrementAdvisor.run" + ], "system_type": 1, "tags": [], "target": "", - "track": "false", + "track": "true", "type": 4, "untags": [], "value": "java.util.Random.nextFloat()" @@ -4833,12 +4964,15 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "", - "stack_blacklist": [], + "source": "O", + "stack_blacklist": [ + "com.google.gson.JsonObject", + "java.util.Hashtable" + ], "system_type": 1, "tags": [], "target": "", - "track": "false", + "track": "true", "type": 4, "untags": [], "value": "java.util.Random.nextInt()" @@ -4852,7 +4986,15 @@ "inherit": "false", "language": 1, "source": "O", - "stack_blacklist": [], + "stack_blacklist": [ + "getRandomSample", + "java.util.Hashtable", + "NullSafeConcurrentHashMap", + "org.apache.tomcat.websocket.WsWebSocketContainer.generateWsKeyValue", + "org.quartz.core.QuartzSchedulerThread.getRandomizedIdleWaitTime", + "SelectableConcurrentHashMap", + "net.bytebuddy.utility.RandomString.nextString" + ], "system_type": 1, "tags": [], "target": "", @@ -5060,7 +5202,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.jsp.el.ExpressionEvaluator.evaluate(java.lang.String,java.lang.Class,javax.servlet.jsp.el.VariableResolver,javax.servlet.jsp.el.FunctionMapper)" + "value": "jakarta.el.ELProcessor.eval(java.lang.String)" }, { "command": "", 
@@ -5078,7 +5220,7 @@ "track": "true", "type": 4, "untags": [], - "value": "ognl.Ognl.getValue(java.lang.Object,java.lang.Object)" + "value": "jakarta.el.ELProcessor.getValue(java.lang.String,java.lang.Class)" }, { "command": "", @@ -5096,7 +5238,7 @@ "track": "true", "type": 4, "untags": [], - "value": "ognl.Ognl.getValue(java.lang.Object,java.lang.Object,java.lang.Class)" + "value": "jakarta.el.ELProcessor.setValue(java.lang.String,java.lang.Object))" }, { "command": "", @@ -5106,7 +5248,7 @@ "ignore_internal": false, "inherit": "all", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5114,7 +5256,7 @@ "track": "true", "type": 4, "untags": [], - "value": "ognl.Ognl.getValue(java.lang.Object,java.util.Map,java.lang.Object)" + "value": "jakarta.el.ELProcessor.setVariable(java.lang.String,java.lang.String)" }, { "command": "", @@ -5124,7 +5266,7 @@ "ignore_internal": false, "inherit": "all", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5132,7 +5274,7 @@ "track": "true", "type": 4, "untags": [], - "value": "ognl.Ognl.getValue(java.lang.Object,java.util.Map,java.lang.Object,java.lang.Class)" + "value": "jakarta.el.ExpressionFactory.createMethodExpression(jakarta.el.ELContext,java.lang.String,java.lang.Class,java.lang.Class[])" }, { "command": "", @@ -5142,7 +5284,7 @@ "ignore_internal": false, "inherit": "all", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5150,7 +5292,7 @@ "track": "true", "type": 4, "untags": [], - "value": "ognl.Ognl.getValue(java.lang.String,java.lang.Object)" + "value": "jakarta.el.ExpressionFactory.createValueExpression(jakarta.el.ELContext,java.lang.String,java.lang.Class)" }, { "command": "", 
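Review bot: The new value in hunk `@@ -5096,7 +5238,7 @@` ends with a doubled closing parenthesis, `jakarta.el.ELProcessor.setValue(java.lang.String,java.lang.Object))`. The `javax.el` twin added further down is spelled correctly, so this reads as a typo. With the extra `)` the signature most likely never matches, and the Jakarta `setValue` expression-language sink goes unmonitored without any error. The line should read `"value": "jakarta.el.ELProcessor.setValue(java.lang.String,java.lang.Object)"`. A load-time check that rejects signatures with unbalanced parentheses would catch this class of mistake in future policy updates.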
@@ -5168,7 +5310,7 @@ "track": "true", "type": 4, "untags": [], - "value": "ognl.Ognl.getValue(java.lang.String,java.lang.Object,java.lang.Class)" + "value": "jakarta.servlet.jsp.el.ExpressionEvaluator.evaluate(java.lang.String,java.lang.Class,jakarta.servlet.jsp.el.VariableResolver,jakarta.servlet.jsp.el.FunctionMapper)" }, { "command": "", @@ -5186,7 +5328,7 @@ "track": "true", "type": 4, "untags": [], - "value": "ognl.Ognl.getValue(java.lang.String,java.util.Map,java.lang.Object)" + "value": "javax.el.ELProcessor.eval(java.lang.String)" }, { "command": "", @@ -5204,7 +5346,7 @@ "track": "true", "type": 4, "untags": [], - "value": "ognl.Ognl.getValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Class)" + "value": "javax.el.ELProcessor.getValue(java.lang.String,java.lang.Class)" }, { "command": "", @@ -5222,7 +5364,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.commons.ognl.Ognl.parseExpression(java.lang.String)" + "value": "javax.el.ELProcessor.setValue(java.lang.String,java.lang.Object)" }, { "command": "", @@ -5230,9 +5372,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5240,7 +5382,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValue()" + "value": "javax.el.ELProcessor.setVariable(java.lang.String,java.lang.String)" }, { "command": "", @@ -5248,9 +5390,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], 
@@ -5258,7 +5400,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValue(java.lang.Class)" + "value": "javax.el.ExpressionFactory.createMethodExpression(javax.el.ELContext,java.lang.String,java.lang.Class,java.lang.Class[])" }, { "command": "", @@ -5266,9 +5408,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5276,7 +5418,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValue(java.lang.Object)" + "value": "javax.el.ExpressionFactory.createValueExpression(javax.el.ELContext,java.lang.String,java.lang.Class)" }, { "command": "", @@ -5284,9 +5426,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5294,7 +5436,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValue(java.lang.Object,java.lang.Class)" + "value": "javax.servlet.jsp.el.ExpressionEvaluator.evaluate(java.lang.String,java.lang.Class,javax.servlet.jsp.el.VariableResolver,javax.servlet.jsp.el.FunctionMapper)" }, { "command": "", @@ -5302,9 +5444,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5312,7 +5454,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext)" + "value": "ognl.Ognl.getValue(java.lang.Object,java.lang.Object)" }, { "command": "", 
@@ -5320,9 +5462,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5330,7 +5472,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Class)" + "value": "ognl.Ognl.getValue(java.lang.Object,java.lang.Object,java.lang.Class)" }, { "command": "", @@ -5338,9 +5480,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5348,7 +5490,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Object)" + "value": "ognl.Ognl.getValue(java.lang.Object,java.util.Map,java.lang.Object)" }, { "command": "", @@ -5356,9 +5498,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5366,7 +5508,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Object,java.lang.Class)" + "value": "ognl.Ognl.getValue(java.lang.Object,java.util.Map,java.lang.Object,java.lang.Class)" }, { "command": "", @@ -5374,9 +5516,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], 
@@ -5384,7 +5526,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValueTypeDescriptor()" + "value": "ognl.Ognl.getValue(java.lang.String,java.lang.Object)" }, { "command": "", @@ -5392,9 +5534,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5402,7 +5544,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValueTypeDescriptor(java.lang.Object)" + "value": "ognl.Ognl.getValue(java.lang.String,java.lang.Object,java.lang.Class)" }, { "command": "", @@ -5410,9 +5552,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5420,7 +5562,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValueTypeDescriptor(org.springframework.expression.EvaluationContext)" + "value": "ognl.Ognl.getValue(java.lang.String,java.util.Map,java.lang.Object)" }, { "command": "", @@ -5428,9 +5570,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5438,7 +5580,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.springframework.expression.Expression.getValueTypeDescriptor(org.springframework.expression.EvaluationContext,java.lang.Object)" + "value": "ognl.Ognl.getValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Class)" }, { "command": "", 
@@ -5446,9 +5588,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5456,15 +5598,26 @@ "track": "true", "type": 4, "untags": [], - "value": "org.thymeleaf.standard.expression.IStandardExpressionParser.parseExpression(org.thymeleaf.context.IExpressionContext,java.lang.String)" - } - ], - "enable": 1, - "type": 4, - "value": "expression-language-injection" - }, - { - "details": [ + "value": "ognl.Ognl.parseExpression(java.lang.String)" + }, + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "all", + "language": 1, + "source": "P1", + "stack_blacklist": [], + "system_type": 1, + "tags": [], + "target": "", + "track": "true", + "type": 4, + "untags": [], + "value": "org.apache.commons.ognl.Ognl.parseExpression(java.lang.String)" + }, { "command": "", "created_by": 1, @@ -5477,11 +5630,11 @@ "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.commons.fileupload.FileItem.getName()" + "value": "org.springframework.expression.Expression.getValue()" }, { "command": "", @@ -5495,11 +5648,11 @@ "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.springframework.web.multipart.MultipartFile.getName()" + "value": "org.springframework.expression.Expression.getValue(java.lang.Class)" }, { "command": "", 
@@ -5513,19 +5666,12 @@ "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.springframework.web.multipart.MultipartFile.getOriginalFilename()" - } - ], - "enable": 1, - "type": 1, - "value": "fileupload" - }, - { - "details": [ + "value": "org.springframework.expression.Expression.getValue(java.lang.Object)" + }, { "command": "", "created_by": 1, @@ -5534,7 +5680,7 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P2", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5542,7 +5688,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.createFilter(java.lang.Object,java.lang.String)" + "value": "org.springframework.expression.Expression.getValue(java.lang.Object,java.lang.Class)" }, { "command": "", @@ -5552,7 +5698,7 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5560,7 +5706,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.createQuery(java.lang.String)" + "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext)" }, { "command": "", @@ -5570,7 +5716,7 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5578,7 +5724,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.createSQLQuery(java.lang.String)" + "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Class)" }, { "command": "", @@ -5588,7 +5734,7 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], 
@@ -5596,7 +5742,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.createSQLQuery(java.lang.String,java.lang.String,java.lang.Class)" + "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Object)" }, { "command": "", @@ -5606,7 +5752,7 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5614,7 +5760,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.createSQLQuery(java.lang.String,java.lang.String[],java.lang.Class[])" + "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Object,java.lang.Class)" }, { "command": "", @@ -5624,7 +5770,7 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5632,7 +5778,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.delete(java.lang.String)" + "value": "org.springframework.expression.Expression.getValueTypeDescriptor()" }, { "command": "", @@ -5642,7 +5788,7 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5650,7 +5796,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.delete(java.lang.String,java.lang.Object,org.hibernate.type.Type)" + "value": "org.springframework.expression.Expression.getValueTypeDescriptor(java.lang.Object)" }, { "command": "", @@ -5660,7 +5806,7 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], 
@@ -5668,7 +5814,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.delete(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" + "value": "org.springframework.expression.Expression.getValueTypeDescriptor(org.springframework.expression.EvaluationContext)" }, { "command": "", @@ -5678,7 +5824,7 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P2", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5686,7 +5832,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String)" + "value": "org.springframework.expression.Expression.getValueTypeDescriptor(org.springframework.expression.EvaluationContext,java.lang.Object)" }, { "command": "", @@ -5694,9 +5840,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5704,7 +5850,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String,java.lang.Object,org.hibernate.type.Type)" + "value": "org.thymeleaf.standard.expression.Expression.parse(java.lang.String)" }, { "command": "", @@ -5722,8 +5868,15 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" - }, + "value": "org.thymeleaf.standard.expression.IStandardExpressionParser.parseExpression(org.thymeleaf.context.IExpressionContext,java.lang.String)" + } + ], + "enable": 1, + "type": 4, + "value": "expression-language-injection" + }, + { + "details": [ { "command": "", "created_by": 1, 
@@ -5732,15 +5885,15 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "R", + "track": "false", + "type": 1, "untags": [], - "value": "org.hibernate.Session.find(java.lang.String)" + "value": "org.apache.commons.fileupload.FileItem.getName()" }, { "command": "", @@ -5750,15 +5903,15 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "R", + "track": "false", + "type": 1, "untags": [], - "value": "org.hibernate.Session.find(java.lang.String,java.lang.Object,org.hibernate.type.Type)" + "value": "org.springframework.web.multipart.MultipartFile.getName()" }, { "command": "", @@ -5768,16 +5921,23 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "R", + "track": "false", + "type": 1, "untags": [], - "value": "org.hibernate.Session.find(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" - }, + "value": "org.springframework.web.multipart.MultipartFile.getOriginalFilename()" + } + ], + "enable": 1, + "type": 1, + "value": "fileupload" + }, + { + "details": [ { "command": "", "created_by": 1, @@ -5786,7 +5946,7 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -5794,7 +5954,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.iterate(java.lang.String)" + "value": "org.hibernate.Session.createFilter(java.lang.Object,java.lang.String)" }, { "command": "", 
@@ -5812,7 +5972,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.iterate(java.lang.String,java.lang.Object,org.hibernate.type.Type)" + "value": "org.hibernate.Session.createQuery(java.lang.String)" }, { "command": "", @@ -5830,7 +5990,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.Session.iterate(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" + "value": "org.hibernate.Session.createSQLQuery(java.lang.String)" }, { "command": "", @@ -5848,7 +6008,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.SharedSessionContract.createQuery(java.lang.String)" + "value": "org.hibernate.Session.createSQLQuery(java.lang.String,java.lang.String,java.lang.Class)" }, { "command": "", @@ -5866,32 +6026,25 @@ "track": "true", "type": 4, "untags": [], - "value": "org.hibernate.SharedSessionContract.createSQLQuery(java.lang.String)" - } - ], - "enable": 1, - "type": 4, - "value": "hql-injection" - }, - { - "details": [ + "value": "org.hibernate.Session.createSQLQuery(java.lang.String,java.lang.String[],java.lang.Class[])" + }, { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.http.entity.ByteArrayEntity.(byte[],int,int,org.apache.http.entity.ContentType)" + "value": "org.hibernate.Session.delete(java.lang.String)" }, { "command": "", 
@@ -5899,17 +6052,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.http.entity.ByteArrayEntity.(byte[],org.apache.http.entity.ContentType)" + "value": "org.hibernate.Session.delete(java.lang.String,java.lang.Object,org.hibernate.type.Type)" }, { "command": "", @@ -5917,17 +6070,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.http.entity.InputStreamEntity.(java.io.InputStream,long,org.apache.http.entity.ContentType)" + "value": "org.hibernate.Session.delete(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" }, { "command": "", @@ -5935,17 +6088,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.http.entity.StringEntity.(java.lang.String,java.lang.String,java.lang.String)" + "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String)" }, { "command": "", 
@@ -5953,42 +6106,35 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.http.entity.StringEntity.(java.lang.String,org.apache.http.entity.ContentType)" - } - ], - "enable": 1, - "type": 1, - "value": "httpclient" - }, - { - "details": [ + "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String,java.lang.Object,org.hibernate.type.Type)" + }, { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.hc.core5.http.io.entity.ByteArrayEntity.(byte[],int,int,org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" + "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" }, { "command": "", @@ -5996,17 +6142,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.hc.core5.http.io.entity.ByteArrayEntity.(byte[],org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" + "value": "org.hibernate.Session.find(java.lang.String)" }, { "command": "", 
@@ -6014,17 +6160,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.hc.core5.http.io.entity.InputStreamEntity.(java.io.InputStream,long,org.apache.hc.core5.http.ContentType,java.lang.String)" + "value": "org.hibernate.Session.find(java.lang.String,java.lang.Object,org.hibernate.type.Type)" }, { "command": "", @@ -6032,42 +6178,35 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.hc.core5.http.io.entity.StringEntity.(java.lang.String,org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" - } - ], - "enable": 1, - "type": 1, - "value": "httpclient5" - }, - { - "details": [ + "value": "org.hibernate.Session.find(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" + }, { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.BufferedReader.(java.io.FileReader)" + "value": "org.hibernate.Session.iterate(java.lang.String)" }, { "command": "", 
@@ -6075,17 +6214,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.BufferedReader.(java.io.InputStreamReader)" + "value": "org.hibernate.Session.iterate(java.lang.String,java.lang.Object,org.hibernate.type.Type)" }, { "command": "", @@ -6093,17 +6232,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.BufferedReader.(java.io.Reader)" + "value": "org.hibernate.Session.iterate(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" }, { "command": "", @@ -6111,17 +6250,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.BufferedReader.(java.io.Reader,int)" + "value": "org.hibernate.SharedSessionContract.createQuery(java.lang.String)" }, { "command": "", @@ -6129,17 +6268,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.BufferedReader.readLine()" + "value": "org.hibernate.SharedSessionContract.createSQLQuery(java.lang.String)" }, { "command": "", 
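Review bot: The `org.hibernate.SharedSessionContract.createQuery(java.lang.String)` sink added in the `-6111` hunk covers only the one-argument signature, while the native-query rules later in the same group list the `(String,Class)` and `(String,String)` overloads separately. If rules match on the full parameter list, as the per-overload entries suggest, the typed form `createQuery(String, Class)` declared on `org.hibernate.query.QueryProducer` in Hibernate 5.2 and later would go unreported, unless a rule outside this part of the diff already covers it. Consider adding an entry with `"source": "P1"` and `"value": "org.hibernate.query.QueryProducer.createQuery(java.lang.String,java.lang.Class)"`, with the remaining fields copied from the neighbouring sinks.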
@@ -6147,17 +6286,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.ByteArrayInputStream.(byte[])" + "value": "org.hibernate.criterion.Expression.sql(java.lang.String)" }, { "command": "", 
@@ -6165,128 +6304,135 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.ByteArrayInputStream.(byte[],int,int)" + "value": "org.hibernate.criterion.Expression.sql(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" }, { - "command": "REMOVE()", + "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.ByteArrayOutputStream.reset()" + "value": "org.hibernate.criterion.Restrictions.sqlRestriction(java.lang.String)" }, { - "command": "KEEP()", + "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.ByteArrayOutputStream.toByteArray()" + "value": "org.hibernate.criterion.Restrictions.sqlRestriction(java.lang.String,java.lang.Object,org.hibernate.type.Type)" }, { - "command": "KEEP()", + "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": 
"java.io.ByteArrayOutputStream.toString()" + "value": "org.hibernate.criterion.Restrictions.sqlRestriction(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" }, { - "command": "KEEP()", + "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.ByteArrayOutputStream.toString(int)" + "value": "org.hibernate.query.QueryProducer.createNativeQuery(java.lang.String)" }, { - "command": "KEEP()", + "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.ByteArrayOutputStream.toString(java.lang.String)" + "value": "org.hibernate.query.QueryProducer.createNativeQuery(java.lang.String,java.lang.Class)" }, { - "command": "KEEP()", + "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "java.io.ByteArrayOutputStream.toString(java.nio.charset.Charset)" - }, + "value": "org.hibernate.query.QueryProducer.createNativeQuery(java.lang.String,java.lang.String)" + } + ], + "enable": 1, + "type": 4, + "value": "hql-injection" + }, + { + "details": [ { - "command": "APPEND(P2,P3)", + "command": "", "created_by": 1, "enable": 1, 
"ignore_blacklist": false, @@ -6298,10 +6444,10 @@ "system_type": 1, "tags": [], "target": "O", - "track": "", + "track": "false", "type": 1, "untags": [], - "value": "java.io.ByteArrayOutputStream.write(byte[],int,int)" + "value": "org.apache.http.entity.ByteArrayEntity.(byte[],int,int,org.apache.http.entity.ContentType)" }, { "command": "", @@ -6316,13 +6462,13 @@ "system_type": 1, "tags": [], "target": "O", - "track": "", + "track": "false", "type": 1, "untags": [], - "value": "java.io.CharArrayReader.(char[])" + "value": "org.apache.http.entity.ByteArrayEntity.(byte[],org.apache.http.entity.ContentType)" }, { - "command": "INSERT(0,P2,P3)", + "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, @@ -6334,28 +6480,28 @@ "system_type": 1, "tags": [], "target": "O", - "track": "", + "track": "false", "type": 1, "untags": [], - "value": "java.io.CharArrayReader.(char[],int,int)" + "value": "org.apache.http.entity.InputStreamEntity.(java.io.InputStream,long,org.apache.http.entity.ContentType)" }, { - "command": "INSERT(0,P2,P3)", + "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "P1", - "track": "", + "target": "O", + "track": "false", "type": 1, "untags": [], - "value": "java.io.CharArrayReader.read(char[],int,int)" + "value": "org.apache.http.entity.StringEntity.(java.lang.String,java.lang.String,java.lang.String)" }, { "command": "", @@ -6370,11 +6516,18 @@ "system_type": 1, "tags": [], "target": "O", - "track": "", + "track": "false", "type": 1, "untags": [], - "value": "java.io.FileInputStream.(java.io.File)" - }, + "value": "org.apache.http.entity.StringEntity.(java.lang.String,org.apache.http.entity.ContentType)" + } + ], + "enable": 1, + "type": 1, + "value": "httpclient" + }, + { + "details": [ { "command": "", "created_by": 1, 
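Review bot: The group closed in the `-6165` hunk is labelled `"value": "hql-injection"`, yet several of its sinks accept native SQL rather than HQL: `createSQLQuery` (in the `-6129` hunk), the three `createNativeQuery` overloads, `Restrictions.sqlRestriction` and `Expression.sql`. If the group value is what a finding is reported under (not visible here), hits on those sinks would be described as HQL injection although the tainted string reaches the database as raw SQL, which affects both triage and the remediation advice. Either move those entries to a SQL-injection group, if the policy has one, or confirm that the shared label is intended.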
@@ -6388,10 +6541,10 @@ "system_type": 1, "tags": [], "target": "O", - "track": "", + "track": "false", "type": 1, "untags": [], - "value": "java.io.FileInputStream.(java.lang.String)" + "value": "org.apache.hc.core5.http.io.entity.ByteArrayEntity.(byte[],int,int,org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" }, { "command": "", @@ -6406,10 +6559,10 @@ "system_type": 1, "tags": [], "target": "O", - "track": "", + "track": "false", "type": 1, "untags": [], - "value": "java.io.FileReader.(java.io.File)" + "value": "org.apache.hc.core5.http.io.entity.ByteArrayEntity.(byte[],org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" }, { "command": "", @@ -6424,10 +6577,10 @@ "system_type": 1, "tags": [], "target": "O", - "track": "", + "track": "false", "type": 1, "untags": [], - "value": "java.io.InputStream.(java.io.InputStream)" + "value": "org.apache.hc.core5.http.io.entity.InputStreamEntity.(java.io.InputStream,long,org.apache.hc.core5.http.ContentType,java.lang.String)" }, { "command": "", @@ -6437,16 +6590,23 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "P1", - "track": "", + "target": "O", + "track": "false", "type": 1, "untags": [], - "value": "java.io.InputStream.read(byte[],int,int)" - }, + "value": "org.apache.hc.core5.http.io.entity.StringEntity.(java.lang.String,org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" + } + ], + "enable": 1, + "type": 1, + "value": "httpclient5" + }, + { + "details": [ { "command": "", "created_by": 1, @@ -6463,7 +6623,7 @@ "track": "", "type": 1, "untags": [], - "value": "java.io.InputStreamReader.(java.io.InputStream)" + "value": "java.io.BufferedReader.(java.io.InputStreamReader)" }, { "command": "", 
@@ -6481,7 +6641,7 @@ "track": "", "type": 1, "untags": [], - "value": "java.io.InputStreamReader.(java.io.InputStream,java.nio.charset.Charset)" + "value": "java.io.BufferedReader.(java.io.Reader)" }, { "command": "", @@ -6491,15 +6651,15 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "P1", + "target": "O", "track": "", "type": 1, "untags": [], - "value": "java.io.InputStreamReader.read(char[],int,int)" + "value": "java.io.BufferedReader.(java.io.Reader,int)" }, { "command": "", @@ -6507,20 +6667,20 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", + "target": "R", "track": "", "type": 1, "untags": [], - "value": "java.io.ObjectInputStream.(java.io.InputStream)" + "value": "java.io.BufferedReader.readLine()" }, { - "command": "INSERT(0,P2,P3)", + "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, @@ -6532,13 +6692,13 @@ "system_type": 1, "tags": [], "target": "O", - "track": "false", + "track": "", "type": 1, "untags": [], - "value": "java.io.PipedInputStream.read(byte[],int,int)" + "value": "java.io.ByteArrayInputStream.(byte[])" }, { - "command": "INSERT(0,P2,P3)", + "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, @@ -6550,20 +6710,20 @@ "system_type": 1, "tags": [], "target": "O", - "track": "false", + "track": "", "type": 1, "untags": [], - "value": "java.io.PipedReader.read(char[],int,int)" + "value": "java.io.ByteArrayInputStream.(byte[],int,int)" }, { - "command": "", + "command": "REMOVE()", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], 
@@ -6571,10 +6731,10 @@ "track": "", "type": 1, "untags": [], - "value": "java.io.PushbackInputStream.(java.io.InputStream,int)" + "value": "java.io.ByteArrayOutputStream.reset()" }, { - "command": "", + "command": "KEEP()", "created_by": 1, "enable": 1, "ignore_blacklist": false, @@ -6585,29 +6745,29 @@ "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "P1", + "target": "R", "track": "false", "type": 1, "untags": [], - "value": "java.io.PushbackInputStream.read(byte[],int,int)" + "value": "java.io.ByteArrayOutputStream.toByteArray()" }, { - "command": "", + "command": "KEEP()", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", + "target": "R", + "track": "false", "type": 1, "untags": [], - "value": "java.io.StringReader.(java.lang.String)" + "value": "java.io.ByteArrayOutputStream.toString()" }, { "command": "KEEP()", 
@@ -6625,43 +6785,43 @@ "track": "false", "type": 1, "untags": [], - "value": "java.io.StringWriter.toString()" + "value": "java.io.ByteArrayOutputStream.toString(int)" }, { - "command": "APPEND(P2,P3)", + "command": "KEEP()", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", + "target": "R", "track": "false", "type": 1, "untags": [], - "value": "java.io.StringWriter.write(char[],int,int)" + "value": "java.io.ByteArrayOutputStream.toString(java.lang.String)" }, { - "command": "APPEND()", + "command": "KEEP()", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", + "target": "R", "track": "false", "type": 1, "untags": [], - "value": "java.io.StringWriter.write(java.lang.String)" + "value": "java.io.ByteArrayOutputStream.toString(java.nio.charset.Charset)" }, { "command": "APPEND(P2,P3)", @@ -6676,10 +6836,10 @@ "system_type": 1, "tags": [], "target": "O", - "track": "false", + "track": "", "type": 1, "untags": [], - "value": "java.io.StringWriter.write(java.lang.String,int,int)" + "value": "java.io.ByteArrayOutputStream.write(byte[],int,int)" }, { "command": "", 
@@ -6697,28 +6857,28 @@ "track": "", "type": 1, "untags": [], - "value": "java.net.Socket.(java.lang.String,int)" + "value": "java.io.CharArrayReader.(char[])" }, { - "command": "", + "command": "INSERT(0,P2,P3)", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", + "target": "O", "track": "", "type": 1, "untags": [], - "value": "java.net.Socket.getOutputStream()" + "value": "java.io.CharArrayReader.(char[],int,int)" }, { - "command": "REMOVE()", + "command": "INSERT(0,P2,P3)", "created_by": 1, "enable": 1, "ignore_blacklist": false, @@ -6729,14 +6889,14 @@ "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "false", + "target": "P1", + "track": "", "type": 1, "untags": [], - "value": "org.apache.commons.io.output.ByteArrayOutputStream.reset()" + "value": "java.io.CharArrayReader.read(char[],int,int)" }, { - "command": "APPEND(P2,P3)", + "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, @@ -6748,18 +6908,11 @@ "system_type": 1, "tags": [], "target": "O", - "track": "false", + "track": "", "type": 1, "untags": [], - "value": "org.apache.commons.io.output.ByteArrayOutputStream.write(byte[],int,int)" - } - ], - "enable": 1, - "type": 1, - "value": "io" - }, - { - "details": [ + "value": "java.io.FileInputStream.(java.io.File)" + }, { "command": "", "created_by": 1, @@ -6768,15 +6921,15 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", + "target": "O", "track": "", "type": 1, "untags": [], - "value": "javax.xml.bind.JAXBElement.getValue()" + "value": "java.io.FileInputStream.(java.lang.String)" }, { "command": "", 
@@ -6784,17 +6937,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", + "target": "O", "track": "", "type": 1, "untags": [], - "value": "javax.xml.bind.Unmarshaller.unmarshal(java.io.InputStream)" + "value": "java.io.FileReader.(java.io.File)" }, { "command": "", @@ -6802,17 +6955,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", + "target": "O", "track": "", "type": 1, "untags": [], - "value": "javax.xml.bind.Unmarshaller.unmarshal(java.io.Reader)" + "value": "java.io.InputStream.(java.io.InputStream)" }, { "command": "", @@ -6820,17 +6973,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", + "target": "P1", "track": "", "type": 1, "untags": [], - "value": "javax.xml.bind.Unmarshaller.unmarshal(javax.xml.transform.Source)" + "value": "java.io.InputStream.read(byte[],int,int)" }, { "command": "", @@ -6838,17 +6991,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", + "target": "O", "track": "", "type": 1, "untags": [], - "value": "javax.xml.bind.Unmarshaller.unmarshal(javax.xml.transform.Source,java.lang.Class)" + "value": "java.io.InputStreamReader.(java.io.InputStream)" }, { "command": "", 
@@ -6856,17 +7009,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", + "target": "O", "track": "", "type": 1, "untags": [], - "value": "javax.xml.bind.Unmarshaller.unmarshal(org.xml.sax.InputSource)" + "value": "java.io.InputStreamReader.(java.io.InputStream,java.nio.charset.Charset)" }, { "command": "", @@ -6874,17 +7027,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", + "target": "P1", "track": "", "type": 1, "untags": [], - "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.io.InputStream)" + "value": "java.io.InputStreamReader.read(char[],int,int)" }, { "command": "", 
@@ -6892,53 +7045,53 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", + "target": "O", "track": "", "type": 1, "untags": [], - "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.io.InputStream,java.lang.String)" + "value": "java.io.ObjectInputStream.(java.io.InputStream)" }, { - "command": "", + "command": "INSERT(0,P2,P3)", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "", + "target": "O", + "track": "false", "type": 1, "untags": [], - "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.io.Reader)" + "value": "java.io.PipedInputStream.read(byte[],int,int)" }, { - "command": "", + "command": "INSERT(0,P2,P3)", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "", + "target": "O", + "track": "false", "type": 1, "untags": [], - "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.lang.String,java.io.InputStream)" + "value": "java.io.PipedReader.read(char[],int,int)" }, { "command": "", 
@@ -6946,17 +7099,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", + "target": "O", "track": "", "type": 1, "untags": [], - "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.lang.String,java.io.Reader)" + "value": "java.io.PushbackInputStream.(java.io.InputStream,int)" }, { "command": "", @@ -6964,17 +7117,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "", + "target": "P1", + "track": "false", "type": 1, "untags": [], - "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(javax.xml.transform.Source)" + "value": "java.io.PushbackInputStream.read(byte[],int,int)" }, { "command": "", @@ -6992,28 +7145,28 @@ "track": "", "type": 1, "untags": [], - "value": "javax.xml.transform.sax.SAXSource.(org.xml.sax.InputSource)" + "value": "java.io.StringReader.(java.lang.String)" }, { - "command": "", + "command": "KEEP()", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", "language": 1, - "source": "P2", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", + "target": "R", + "track": "false", "type": 1, "untags": [], - "value": "javax.xml.transform.sax.SAXSource.(org.xml.sax.XMLReader,org.xml.sax.InputSource)" + "value": "java.io.StringWriter.toString()" }, { - "command": "", + "command": "APPEND(P2,P3)", "created_by": 1, "enable": 1, "ignore_blacklist": false, 
@@ -7025,13 +7178,13 @@ "system_type": 1, "tags": [], "target": "O", - "track": "", + "track": "false", "type": 1, "untags": [], - "value": "javax.xml.transform.sax.SAXSource.setInputSource(org.xml.sax.InputSource)" + "value": "java.io.StringWriter.write(char[],int,int)" }, { - "command": "", + "command": "APPEND()", "created_by": 1, "enable": 1, "ignore_blacklist": false, @@ -7043,13 +7196,13 @@ "system_type": 1, "tags": [], "target": "O", - "track": "", + "track": "false", "type": 1, "untags": [], - "value": "javax.xml.transform.stream.StreamSource.(java.io.File)" + "value": "java.io.StringWriter.write(java.lang.String)" }, { - "command": "", + "command": "APPEND(P2,P3)", "created_by": 1, "enable": 1, "ignore_blacklist": false, @@ -7061,10 +7214,10 @@ "system_type": 1, "tags": [], "target": "O", - "track": "", + "track": "false", "type": 1, "untags": [], - "value": "javax.xml.transform.stream.StreamSource.(java.io.InputStream)" + "value": "java.io.StringWriter.write(java.lang.String,int,int)" }, { "command": "", @@ -7082,7 +7235,7 @@ "track": "", "type": 1, "untags": [], - "value": "javax.xml.transform.stream.StreamSource.(java.io.InputStream,java.lang.String)" + "value": "java.net.Socket.(java.lang.String,int)" }, { "command": "", 
@@ -7092,18 +7245,36 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", + "target": "R", "track": "", "type": 1, "untags": [], - "value": "javax.xml.transform.stream.StreamSource.(java.io.Reader)" + "value": "java.net.Socket.getOutputStream()" }, { - "command": "", + "command": "REMOVE()", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "language": 1, + "source": "O", + "stack_blacklist": [], + "system_type": 1, + "tags": [], + "target": "O", + "track": "false", + "type": 1, + "untags": [], + "value": "org.apache.commons.io.output.ByteArrayOutputStream.reset()" + }, + { + "command": "APPEND(P2,P3)", "created_by": 1, "enable": 1, "ignore_blacklist": false, @@ -7115,15 +7286,15 @@ "system_type": 1, "tags": [], "target": "O", - "track": "", + "track": "false", "type": 1, "untags": [], - "value": "javax.xml.transform.stream.StreamSource.(java.io.Reader,java.lang.String)" + "value": "org.apache.commons.io.output.ByteArrayOutputStream.write(byte[],int,int)" } ], "enable": 1, "type": 1, - "value": "javax" + "value": "io" }, { "details": [ @@ -7133,17 +7304,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], "target": "R", - "track": "false", - "type": 2, + "track": "", + "type": 1, "untags": [], - "value": "jakarta.servlet.ServletRequest.getInputStream()" + "value": "javax.xml.bind.JAXBElement.getValue()" }, { "command": "", @@ -7158,10 +7329,10 @@ "system_type": 1, "tags": [], "target": "R", - "track": "false", - "type": 2, + "track": "", + "type": 1, "untags": [], - "value": "jakarta.servlet.ServletRequest.getParameter(java.lang.String)" + "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.io.InputStream)" }, { "command": "", 
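Review bot: On the new side of the `-7133` and `-7158` hunks, the `javax` propagator group goes straight from `javax.xml.bind.JAXBElement.getValue()` to `javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.io.InputStream)`. The five `javax.xml.bind.Unmarshaller.unmarshal(...)` rules that sat between them on the old side no longer appear in this group. `createXMLStreamReader(java.io.Reader)` likewise seems to be missing between the `(InputStream,String)` and `(String,InputStream)` entries in the following hunks. This part of the diff does not show whether those rules were moved to another group or dropped. If they were dropped, taint would stop propagating through JAXB unmarshalling and Reader-based StAX parsing, and downstream sinks would silently lose findings, so please confirm the signatures are still present somewhere in the policy.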
@@ -7171,15 +7342,15 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], "target": "R", - "track": "false", - "type": 2, + "track": "", + "type": 1, "untags": [], - "value": "jakarta.servlet.ServletRequest.getParameterNames()" + "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.io.InputStream,java.lang.String)" }, { "command": "", @@ -7189,15 +7360,15 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], "target": "R", - "track": "false", - "type": 2, + "track": "", + "type": 1, "untags": [], - "value": "jakarta.servlet.ServletRequest.getParameterValues(java.lang.String)" + "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.lang.String,java.io.InputStream)" }, { "command": "", @@ -7207,15 +7378,15 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "O", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], "target": "R", - "track": "false", - "type": 2, + "track": "", + "type": 1, "untags": [], - "value": "jakarta.servlet.ServletRequest.getReader()" + "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.lang.String,java.io.Reader)" }, { "command": "", @@ -7225,17 +7396,15 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", - "track": "false", - "type": 2, + "track": "", + "type": 1, "untags": [], - "value": "javax.servlet.ServletRequest.getInputStream()" + "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(javax.xml.transform.Source)" }, { "command": "", 
@@ -7243,19 +7412,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], - "target": "R", - "track": "false", - "type": 2, + "tags": [], + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "javax.servlet.ServletRequest.getParameter(java.lang.String)" + "value": "javax.xml.transform.sax.SAXSource.(org.xml.sax.InputSource)" }, { "command": "", @@ -7263,19 +7430,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "O", + "source": "P2", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], - "target": "R", - "track": "false", - "type": 2, + "tags": [], + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "javax.servlet.ServletRequest.getParameterMap()" + "value": "javax.xml.transform.sax.SAXSource.(org.xml.sax.XMLReader,org.xml.sax.InputSource)" }, { "command": "", @@ -7283,19 +7448,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "http-token-limited-chars" - ], - "target": "R", - "track": "false", - "type": 2, + "tags": [], + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "javax.servlet.ServletRequest.getParameterNames()" + "value": "javax.xml.transform.sax.SAXSource.setInputSource(org.xml.sax.InputSource)" }, { "command": "", 
@@ -7303,19 +7466,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], - "target": "R", - "track": "false", - "type": 2, + "tags": [], + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "javax.servlet.ServletRequest.getParameterValues(java.lang.String)" + "value": "javax.xml.transform.stream.StreamSource.(java.io.File)" }, { "command": "", @@ -7323,46 +7484,35 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], - "target": "R", - "track": "false", - "type": 2, + "tags": [], + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "javax.servlet.ServletRequest.getReader()" - } - ], - "enable": 1, - "type": 2, - "value": "javax.servlet.ServletRequest" - }, - { - "details": [ + "value": "javax.xml.transform.stream.StreamSource.(java.io.InputStream)" + }, { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], - "target": "R", - "track": "false", - "type": 2, + "tags": [], + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "jakarta.servlet.ServletRequest.getParameterMap()" + "value": "javax.xml.transform.stream.StreamSource.(java.io.InputStream,java.lang.String)" }, { "command": "", 
@@ -7370,17 +7520,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 2, + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "jakarta.servlet.http.HttpServletRequest.getCookies()" + "value": "javax.xml.transform.stream.StreamSource.(java.io.Reader)" }, { "command": "", @@ -7388,20 +7538,25 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], - "target": "R", - "track": "false", - "type": 2, + "tags": [], + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "jakarta.servlet.http.HttpServletRequest.getHeader(java.lang.String)" - }, + "value": "javax.xml.transform.stream.StreamSource.(java.io.Reader,java.lang.String)" + } + ], + "enable": 1, + "type": 1, + "value": "javax" + }, + { + "details": [ { "command": "", "created_by": 1, @@ -7413,14 +7568,12 @@ "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [ - "http-token-limited-chars" - ], + "tags": [], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.HttpServletRequest.getHeaderNames()" + "value": "jakarta.servlet.ServletRequest.getInputStream()" }, { "command": "", @@ -7433,14 +7586,12 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.HttpServletRequest.getHeaders(java.lang.String)" + "value": "jakarta.servlet.ServletRequest.getParameter(java.lang.String)" }, { "command": "", 
@@ -7450,17 +7601,15 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.HttpServletRequest.getParameter(java.lang.String)" + "value": "jakarta.servlet.ServletRequest.getParameterNames()" }, { "command": "", @@ -7473,14 +7622,12 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.HttpServletRequest.getPart(java.lang.String)" + "value": "jakarta.servlet.ServletRequest.getParameterValues(java.lang.String)" }, { "command": "", @@ -7493,14 +7640,12 @@ "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.HttpServletRequest.getParts()" + "value": "jakarta.servlet.ServletRequest.getReader()" }, { "command": "", @@ -7514,14 +7659,13 @@ "stack_blacklist": [], "system_type": 1, "tags": [ - "cross-site", - "xss-encoded" + "cross-site" ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.HttpServletRequest.getQueryString()" + "value": "javax.servlet.ServletRequest.getInputStream()" }, { "command": "", @@ -7531,18 +7675,17 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "http-token-limited-chars", - "xss-encoded" + "cross-site" ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.HttpServletRequest.getRequestedSessionId()" + "value": "javax.servlet.ServletRequest.getParameter(java.lang.String)" }, { "command": "", 
@@ -7555,12 +7698,14 @@ "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "cross-site" + ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.Part.getContentType()" + "value": "javax.servlet.ServletRequest.getParameterMap()" }, { "command": "", @@ -7570,15 +7715,17 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "http-token-limited-chars" + ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.Part.getHeader(java.lang.String)" + "value": "javax.servlet.ServletRequest.getParameterNames()" }, { "command": "", @@ -7588,17 +7735,17 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "http-token-limited-chars" + "cross-site" ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.Part.getHeaderNames()" + "value": "javax.servlet.ServletRequest.getParameterValues(java.lang.String)" }, { "command": "", @@ -7608,16 +7755,25 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "cross-site" + ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.Part.getHeaders(java.lang.String)" - }, + "value": "javax.servlet.ServletRequest.getReader()" + } + ], + "enable": 1, + "type": 2, + "value": "javax.servlet.ServletRequest" + }, + { + "details": [ { "command": "", "created_by": 1, @@ -7636,7 +7792,7 @@ "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.Part.getInputStream()" + "value": "jakarta.servlet.ServletRequest.getParameterMap()" }, { "command": "", 
@@ -7654,7 +7810,7 @@ "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.Part.getName()" + "value": "jakarta.servlet.http.HttpServletRequest.getCookies()" }, { "command": "", @@ -7664,15 +7820,17 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "cross-site" + ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "jakarta.servlet.http.Part.getSubmittedFileName()" + "value": "jakarta.servlet.http.HttpServletRequest.getHeader(java.lang.String)" }, { "command": "", @@ -7685,12 +7843,14 @@ "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "http-token-limited-chars" + ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getCookies()" + "value": "jakarta.servlet.http.HttpServletRequest.getHeaderNames()" }, { "command": "", @@ -7710,7 +7870,7 @@ "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getHeader(java.lang.String)" + "value": "jakarta.servlet.http.HttpServletRequest.getHeaders(java.lang.String)" }, { "command": "", @@ -7720,15 +7880,17 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "cross-site" + ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getHeaderNames()" + "value": "jakarta.servlet.http.HttpServletRequest.getParameter(java.lang.String)" }, { "command": "", @@ -7748,7 +7910,7 @@ "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getHeaders(java.lang.String)" + "value": "jakarta.servlet.http.HttpServletRequest.getPart(java.lang.String)" }, { "command": "", 
@@ -7768,7 +7930,7 @@ "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getInputStream()" + "value": "jakarta.servlet.http.HttpServletRequest.getParts()" }, { "command": "", @@ -7778,17 +7940,18 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [ - "cross-site" + "cross-site", + "xss-encoded" ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getParameter(java.lang.String)" + "value": "jakarta.servlet.http.HttpServletRequest.getQueryString()" }, { "command": "", @@ -7802,13 +7965,14 @@ "stack_blacklist": [], "system_type": 1, "tags": [ - "cross-site" + "http-token-limited-chars", + "xss-encoded" ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getParameterMap()" + "value": "jakarta.servlet.http.HttpServletRequest.getRequestedSessionId()" }, { "command": "", @@ -7821,14 +7985,12 @@ "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getParameterNames()" + "value": "jakarta.servlet.http.Part.getContentType()" }, { "command": "", @@ -7841,14 +8003,12 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getParameterValues(java.lang.String)" + "value": "jakarta.servlet.http.Part.getHeader(java.lang.String)" }, { "command": "", 
@@ -7858,17 +8018,17 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [ - "cross-site" + "http-token-limited-chars" ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getPart(java.lang.String)" + "value": "jakarta.servlet.http.Part.getHeaderNames()" }, { "command": "", @@ -7878,17 +8038,15 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getParts()" + "value": "jakarta.servlet.http.Part.getHeaders(java.lang.String)" }, { "command": "", @@ -7902,14 +8060,13 @@ "stack_blacklist": [], "system_type": 1, "tags": [ - "cross-site", - "xss-encoded" + "cross-site" ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getQueryString()" + "value": "jakarta.servlet.http.Part.getInputStream()" }, { "command": "", @@ -7922,14 +8079,12 @@ "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getReader()" + "value": "jakarta.servlet.http.Part.getName()" }, { "command": "", @@ -7942,15 +8097,12 @@ "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [ - "http-token-limited-chars", - "xss-encoded" - ], + "tags": [], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.HttpServletRequest.getRequestedSessionId()" + "value": "jakarta.servlet.http.Part.getSubmittedFileName()" }, { "command": "", 
@@ -7968,7 +8120,7 @@ "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.Part.getContentType()" + "value": "javax.servlet.http.HttpServletRequest.getCookies()" }, { "command": "", @@ -7981,12 +8133,14 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "cross-site" + ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.Part.getHeader(java.lang.String)" + "value": "javax.servlet.http.HttpServletRequest.getHeader(java.lang.String)" }, { "command": "", @@ -7999,14 +8153,12 @@ "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [ - "http-token-limited-chars" - ], + "tags": [], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.Part.getHeaderNames()" + "value": "javax.servlet.http.HttpServletRequest.getHeaderNames()" }, { "command": "", @@ -8019,12 +8171,14 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "cross-site" + ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.Part.getHeaders(java.lang.String)" + "value": "javax.servlet.http.HttpServletRequest.getHeaders(java.lang.String)" }, { "command": "", @@ -8044,7 +8198,7 @@ "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.Part.getInputStream()" + "value": "javax.servlet.http.HttpServletRequest.getInputStream()" }, { "command": "", @@ -8054,15 +8208,17 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "cross-site" + ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.Part.getName()" + "value": "javax.servlet.http.HttpServletRequest.getParameter(java.lang.String)" }, { "command": "", 
@@ -8075,20 +8231,15 @@ "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "cross-site" + ], "target": "R", "track": "false", "type": 2, "untags": [], - "value": "javax.servlet.http.Part.getSubmittedFileName()" - } - ], - "enable": 1, - "type": 2, - "value": "javax.servlet.http.HttpServletRequest" - }, - { - "details": [ + "value": "javax.servlet.http.HttpServletRequest.getParameterMap()" + }, { "command": "", "created_by": 1, @@ -8097,40 +8248,37 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "O", - "track": "", - "type": 1, + "tags": [ + "cross-site" + ], + "target": "R", + "track": "false", + "type": 2, "untags": [], - "value": "java.sql.Connection.nativeSQL(java.lang.String)" - } - ], - "enable": 1, - "type": 1, - "value": "jdbc" - }, - { - "details": [ + "value": "javax.servlet.http.HttpServletRequest.getParameterNames()" + }, { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, + "tags": [ + "cross-site" + ], + "target": "R", + "track": "false", + "type": 2, "untags": [], - "value": "javax.naming.directory.DirContext.search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)" + "value": "javax.servlet.http.HttpServletRequest.getParameterValues(java.lang.String)" }, { "command": "", 
@@ -8138,17 +8286,19 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, + "tags": [ + "cross-site" + ], + "target": "R", + "track": "false", + "type": 2, "untags": [], - "value": "javax.naming.directory.DirContext.search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)" + "value": "javax.servlet.http.HttpServletRequest.getPart(java.lang.String)" }, { "command": "", @@ -8156,17 +8306,19 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, - "source": "P2", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, + "tags": [ + "cross-site" + ], + "target": "R", + "track": "false", + "type": 2, "untags": [], - "value": "javax.naming.directory.InitialDirContext.search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)" + "value": "javax.servlet.http.HttpServletRequest.getParts()" }, { "command": "", @@ -8174,25 +8326,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, - "source": "P2", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, + "tags": [ + "cross-site", + "xss-encoded" + ], + "target": "R", + "track": "false", + "type": 2, "untags": [], - "value": "javax.naming.directory.InitialDirContext.search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)" - } - ], - "enable": 1, - "type": 4, - "value": "ldap-injection" - }, - { - "details": [ + "value": "javax.servlet.http.HttpServletRequest.getQueryString()" + }, { "command": "", "created_by": 1, 
@@ -8201,23 +8349,18 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, + "tags": [ + "cross-site" + ], + "target": "R", + "track": "false", + "type": 2, "untags": [], - "value": "com.mongodb.DB.doEval(java.lang.String,java.lang.Object[])" - } - ], - "enable": 1, - "type": 4, - "value": "nosql-injection" - }, - { - "details": [ + "value": "javax.servlet.http.HttpServletRequest.getReader()" + }, { "command": "", "created_by": 1, @@ -8226,15 +8369,18 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "http-token-limited-chars", + "xss-encoded" + ], "target": "R", "track": "false", - "type": 1, + "type": 2, "untags": [], - "value": "com.opensymphony.xwork2.util.ValueStack.findString(java.lang.String)" + "value": "javax.servlet.http.HttpServletRequest.getRequestedSessionId()" }, { "command": "", @@ -8244,15 +8390,15 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], "target": "R", "track": "false", - "type": 1, + "type": 2, "untags": [], - "value": "com.opensymphony.xwork2.util.ValueStack.findValue(java.lang.String)" + "value": "javax.servlet.http.Part.getContentType()" }, { "command": "", @@ -8268,9 +8414,9 @@ "tags": [], "target": "R", "track": "false", - "type": 1, + "type": 2, "untags": [], - "value": "com.opensymphony.xwork2.util.ValueStack.findValue(java.lang.String,java.lang.Class)" + "value": "javax.servlet.http.Part.getHeader(java.lang.String)" }, { "command": "", 
@@ -8278,17 +8424,19 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], + "tags": [ + "http-token-limited-chars" + ], "target": "R", - "track": "", - "type": 1, + "track": "false", + "type": 2, "untags": [], - "value": "ognl.Ognl.parseExpression(java.lang.String)" + "value": "javax.servlet.http.Part.getHeaderNames()" }, { "command": "", @@ -8296,17 +8444,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "R", + "track": "false", + "type": 2, "untags": [], - "value": "ognl.OgnlParser.(java.io.InputStream)" + "value": "javax.servlet.http.Part.getHeaders(java.lang.String)" }, { "command": "", @@ -8314,17 +8462,19 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "O", - "track": "", - "type": 1, + "tags": [ + "cross-site" + ], + "target": "R", + "track": "false", + "type": 2, "untags": [], - "value": "ognl.OgnlParser.(java.io.Reader)" + "value": "javax.servlet.http.Part.getInputStream()" }, { "command": "", @@ -8332,17 +8482,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "R", + "track": "false", + "type": 2, "untags": [], - "value": "ognl.OgnlParser.(ognl.OgnlParserTokenManager)" + "value": "javax.servlet.http.Part.getName()" }, { "command": "", 
@@ -8350,22 +8500,22 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], "target": "R", - "track": "", - "type": 1, + "track": "false", + "type": 2, "untags": [], - "value": "ognl.OgnlParser.topLevelExpression()" + "value": "javax.servlet.http.Part.getSubmittedFileName()" } ], "enable": 1, - "type": 1, - "value": "ognl" + "type": 2, + "value": "javax.servlet.http.HttpServletRequest" }, { "details": [ @@ -8375,22 +8525,22 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", + "target": "O", + "track": "", "type": 1, "untags": [], - "value": "com.squareup.okhttp.RequestBody.create(com.squareup.okhttp.MediaType,byte[],int,int)" + "value": "java.sql.Connection.nativeSQL(java.lang.String)" } ], "enable": 1, "type": 1, - "value": "okhttp" + "value": "jdbc" }, { "details": [ @@ -8400,17 +8550,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "okhttp3.RequestBody$Companion.create(byte[],okhttp3.MediaType,int,int)" + "value": "jakarta.naming.directory.DirContext.search(java.lang.String,java.lang.String,jakarta.naming.directory.SearchControls)" }, { "command": "", 
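Review bot: The LDAP-injection sinks added in the `@@ -8400` hunk, and in the `@@ -8418` and `@@ -8436` hunks after it, name `jakarta.naming.directory.DirContext` and `jakarta.naming.directory.InitialDirContext`, but JNDI is part of Java SE and was not moved by the Jakarta EE namespace change. As far as I know there is no `jakarta.naming` package, so these three rules would never match and give a false sense of coverage. The jakarta copies also use `"inherit": "true",` where the `javax.naming` sinks use `"inherit": "all",`, and only three of the four `search(...)` signatures are mirrored. I would drop the `jakarta.naming.*` entries; if they target a relocated or shaded JNDI implementation, say so in the commit message and align them with the javax entries.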
@@ -8418,17 +8568,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "okhttp3.RequestBody$Companion.create(okhttp3.MediaType,byte[],int,int)" + "value": "jakarta.naming.directory.DirContext.search(java.lang.String,java.lang.String,java.lang.Object[],jakarta.naming.directory.SearchControls)" }, { "command": "", 
@@ -8436,47 +8586,94 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "okhttp3.RequestBody.create(okhttp3.MediaType,byte[],int,int)" - } - ], - "enable": 1, - "type": 1, - "value": "okhttp3" - }, - { - "details": [ + "value": "jakarta.naming.directory.InitialDirContext.search(java.lang.String,java.lang.String,jakarta.naming.directory.SearchControls)" + }, { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "O", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.commons.fileupload.FileItem.getString()" + "value": "javax.naming.directory.DirContext.search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)" + }, + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "all", + "language": 1, + "source": "P2", + "stack_blacklist": [], + "system_type": 1, + "tags": [], + "target": "", + "track": "true", + "type": 4, + "untags": [], + "value": "javax.naming.directory.DirContext.search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)" + }, + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "all", + "language": 1, + "source": "P2", + "stack_blacklist": [], + "system_type": 1, + "tags": [], + "target": "", + "track": "true", + "type": 4, + "untags": [], + "value": 
"javax.naming.directory.InitialDirContext.search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)" + }, + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "all", + "language": 1, + "source": "P2", + "stack_blacklist": [], + "system_type": 1, + "tags": [], + "target": "", + "track": "true", + "type": 4, + "untags": [], + "value": "javax.naming.directory.InitialDirContext.search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)" } ], "enable": 1, - "type": 1, - "value": "org.apache.commons.fileupload.FileItem" + "type": 4, + "value": "ldap-injection" }, { "details": [ @@ -8486,24 +8683,22 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], - "target": "R", - "track": "false", - "type": 2, + "tags": [], + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.apache.commons.fileupload.FileUploadBase.parseRequest(org.apache.commons.fileupload.RequestContext)" + "value": "com.mongodb.DB.doEval(java.lang.String,java.lang.Object[])" } ], "enable": 1, - "type": 2, - "value": "org.apache.commons.fileupload.FileUploadBase" + "type": 4, + "value": "nosql-injection" }, { "details": [ @@ -8518,14 +8713,12 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", "track": "false", - "type": 2, + "type": 1, "untags": [], - "value": "org.springframework.web.bind.annotation.support.HandlerMethodInvoker.resolvePathVariable(java.lang.String,org.springframework.core.MethodParameter,org.springframework.web.context.request.NativeWebRequest,java.lang.Object)" + "value": "com.opensymphony.xwork2.util.ValueStack.findString(java.lang.String)" }, { "command": "", 
@@ -8538,14 +8731,12 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", "track": "false", - "type": 2, + "type": 1, "untags": [], - "value": "org.springframework.web.method.support.HandlerMethodArgumentResolver.resolveArgument(org.springframework.core.MethodParameter,org.springframework.web.method.support.ModelAndViewContainer,org.springframework.web.context.request.NativeWebRequest,org.springframework.web.bind.support.WebDataBinderFactory)" + "value": "com.opensymphony.xwork2.util.ValueStack.findValue(java.lang.String)" }, { "command": "", @@ -8558,14 +8749,12 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", "track": "false", - "type": 2, + "type": 1, "untags": [], - "value": "org.springframework.web.servlet.mvc.method.annotation.PathVariableMethodArgumentResolver.resolveName(java.lang.String,org.springframework.core.MethodParameter,org.springframework.web.context.request.NativeWebRequest)" + "value": "com.opensymphony.xwork2.util.ValueStack.findValue(java.lang.String,java.lang.Class)" }, { "command": "", @@ -8575,25 +8764,16 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "cross-site" - ], + "tags": [], "target": "R", - "track": "false", - "type": 2, + "track": "", + "type": 1, "untags": [], - "value": "org.springframework.web.util.pattern.PathPattern.getPatternString()" - } - ], - "enable": 1, - "type": 2, - "value": "org.springframework.web.method.support.HandlerMethodArgumentResolver" - }, - { - "details": [ + "value": "ognl.Ognl.parseExpression(java.lang.String)" + }, { "command": "", "created_by": 1, 
@@ -8605,16 +8785,12 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "xml-encoded" - ], - "target": "R", - "track": "false", + "tags": [], + "target": "O", + "track": "", "type": 1, - "untags": [ - "xml-decoded" - ], - "value": "org.apache.taglibs.standard.util.EscapeXML.escape(java.lang.String)" + "untags": [], + "value": "ognl.OgnlParser.(java.io.InputStream)" }, { "command": "", @@ -8627,16 +8803,12 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "html-encoded" - ], - "target": "R", - "track": "false", - "type": 1, - "untags": [ - "html-decoded" - ], - "value": "org.owasp.encoder.Encode.forHtml(java.lang.String)" + "tags": [], + "target": "O", + "track": "", + "type": 1, + "untags": [], + "value": "ognl.OgnlParser.(java.io.Reader)" }, { "command": "", @@ -8649,16 +8821,12 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "html-encoded" - ], - "target": "R", - "track": "false", + "tags": [], + "target": "O", + "track": "", "type": 1, - "untags": [ - "html-decoded" - ], - "value": "org.owasp.encoder.Encode.forHtmlAttribute(java.lang.String)" + "untags": [], + "value": "ognl.OgnlParser.(ognl.OgnlParserTokenManager)" }, { "command": "", @@ -8668,20 +8836,23 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [ - "html-encoded" - ], + "tags": [], "target": "R", - "track": "false", + "track": "", "type": 1, - "untags": [ - "html-decoded" - ], - "value": "org.owasp.encoder.Encode.forHtmlContent(java.lang.String)" - }, + "untags": [], + "value": "ognl.OgnlParser.topLevelExpression()" + } + ], + "enable": 1, + "type": 1, + "value": "ognl" + }, + { + "details": [ { "command": "", "created_by": 1, 
@@ -8690,20 +8861,23 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, - "tags": [ - "html-encoded" - ], + "tags": [], "target": "R", "track": "false", "type": 1, - "untags": [ - "html-decoded" - ], - "value": "org.owasp.encoder.Encode.forHtmlUnquotedAttribute(java.lang.String)" - }, + "untags": [], + "value": "com.squareup.okhttp.RequestBody.create(com.squareup.okhttp.MediaType,byte[],int,int)" + } + ], + "enable": 1, + "type": 1, + "value": "okhttp" + }, + { + "details": [ { "command": "", "created_by": 1, @@ -8715,16 +8889,12 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [ - "url-encoded" - ], + "tags": [], "target": "R", "track": "false", "type": 1, - "untags": [ - "url-decoded" - ], - "value": "org.owasp.encoder.Encode.forUri(java.lang.String)" + "untags": [], + "value": "okhttp3.RequestBody$Companion.create(byte[],okhttp3.MediaType,int,int)" }, { "command": "", @@ -8734,19 +8904,15 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, - "tags": [ - "url-encoded" - ], + "tags": [], "target": "R", "track": "false", "type": 1, - "untags": [ - "url-decoded" - ], - "value": "org.owasp.encoder.Encode.forUriComponent(java.lang.String)" + "untags": [], + "value": "okhttp3.RequestBody$Companion.create(okhttp3.MediaType,byte[],int,int)" }, { "command": "", 
@@ -8754,22 +8920,25 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, - "tags": [ - "xml-encoded" - ], + "tags": [], "target": "R", "track": "false", "type": 1, - "untags": [ - "xml-decoded" - ], - "value": "org.owasp.encoder.Encode.forXml(java.lang.String)" - }, + "untags": [], + "value": "okhttp3.RequestBody.create(okhttp3.MediaType,byte[],int,int)" + } + ], + "enable": 1, + "type": 1, + "value": "okhttp3" + }, + { + "details": [ { "command": "", "created_by": 1, @@ -8778,42 +8947,50 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, - "tags": [ - "xml-encoded" - ], + "tags": [], "target": "R", "track": "false", "type": 1, - "untags": [ - "xml-decoded" - ], - "value": "org.owasp.encoder.Encode.forXmlAttribute(java.lang.String)" - }, + "untags": [], + "value": "org.apache.commons.fileupload.FileItem.getString()" + } + ], + "enable": 1, + "type": 1, + "value": "org.apache.commons.fileupload.FileItem" + }, + { + "details": [ { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "xml-encoded" + "cross-site" ], "target": "R", "track": "false", - "type": 1, - "untags": [ - "xml-decoded" - ], - "value": "org.owasp.encoder.Encode.forXmlComment(java.lang.String)" - }, + "type": 2, + "untags": [], + "value": "org.apache.commons.fileupload.FileUploadBase.parseRequest(org.apache.commons.fileupload.RequestContext)" + } + ], + "enable": 1, + "type": 2, + "value": "org.apache.commons.fileupload.FileUploadBase" + }, + { + "details": [ { "command": "", "created_by": 1, 
@@ -8826,15 +9003,13 @@ "stack_blacklist": [], "system_type": 1, "tags": [ - "xml-encoded" + "cross-site" ], "target": "R", "track": "false", - "type": 1, - "untags": [ - "xml-decoded" - ], - "value": "org.owasp.encoder.Encode.forXmlContent(java.lang.String)" + "type": 2, + "untags": [], + "value": "org.springframework.web.bind.annotation.support.HandlerMethodInvoker.resolvePathVariable(java.lang.String,org.springframework.core.MethodParameter,org.springframework.web.context.request.NativeWebRequest,java.lang.Object)" }, { "command": "", @@ -8848,37 +9023,42 @@ "stack_blacklist": [], "system_type": 1, "tags": [ - "html-decoded" + "cross-site" ], "target": "R", "track": "false", - "type": 1, - "untags": [ - "html-encoded" - ], - "value": "org.owasp.esapi.Encoder.decodeForHTML(java.lang.String)" - }, + "type": 2, + "untags": [], + "value": "org.springframework.web.servlet.mvc.method.annotation.PathVariableMethodArgumentResolver.resolveName(java.lang.String,org.springframework.core.MethodParameter,org.springframework.web.context.request.NativeWebRequest)" + } + ], + "enable": 1, + "type": 2, + "value": "org.springframework.web.method.support.HandlerMethodArgumentResolver" + }, + { + "details": [ { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "base64-decoded" + "xml-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "base64-encoded" + "xml-decoded" ], - "value": "org.owasp.esapi.Encoder.decodeFromBase64(java.lang.String)" + "value": "org.apache.taglibs.standard.util.EscapeXML.escape(java.lang.String)" }, { "command": "", 
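Review bot: After the `@@ -8848` hunk the `org.springframework.web.method.support.HandlerMethodArgumentResolver` source group holds only `resolvePathVariable(...)` and `PathVariableMethodArgumentResolver.resolveName(...)`. The `HandlerMethodArgumentResolver.resolveArgument(...)` and `PathPattern.getPatternString()` entries that appear on the removed side of the earlier hunks are no longer in this group. A commit titled "add new strategy" should not silently remove taint sources, and `resolveArgument` looks like the entry that covers Spring MVC controller arguments other than path variables. The file continues outside this view, so the entries may have been relocated; if not, restore them or record the reason for the removal in the commit description.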
@@ -8886,22 +9066,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "url-decoded" + "html-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "url-encoded", - "xss-encoded" + "html-decoded" ], - "value": "org.owasp.esapi.Encoder.decodeFromURL(java.lang.String)" + "value": "org.owasp.encoder.Encode.forHtml(java.lang.String)" }, { "command": "", @@ -8909,21 +9088,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "base64-encoded" + "html-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "base64-decoded" + "html-decoded" ], - "value": "org.owasp.esapi.Encoder.encodeForBase64(byte[],boolean)" + "value": "org.owasp.encoder.Encode.forHtmlAttribute(java.lang.String)" }, { "command": "", @@ -8931,21 +9110,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "ldap-encoded" + "html-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "ldap-decoded" + "html-decoded" ], - "value": "org.owasp.esapi.Encoder.encodeForDN(java.lang.String)" + "value": "org.owasp.encoder.Encode.forHtmlContent(java.lang.String)" }, { "command": "", @@ -8953,7 +9132,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], @@ -8967,7 +9146,7 @@ "untags": [ "html-decoded" ], - "value": "org.owasp.esapi.Encoder.encodeForHTML(java.lang.String)" + "value": "org.owasp.encoder.Encode.forHtmlUnquotedAttribute(java.lang.String)" }, { "command": "", 
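Review bot: `org.owasp.encoder.Encode.forHtmlContent(java.lang.String)` (hunk at -8931 on this line) gets the same `html-encoded` tag as `forHtml` and `forHtmlAttribute`, although it is only safe in HTML text content. The encoder leaves quote characters unencoded and is documented as unsuitable for attribute values. If the XSS sink rules accept `html-encoded` as a blanket clearance (not visible in these hunks), a value encoded for text content and then written into an attribute would go unreported. Consider a context-specific tag for this entry, for example `"tags": ["html-content-encoded"]`, and let each sink rule list the tags it accepts; the same question applies to `forHtmlUnquotedAttribute` in the hunk at -8967.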
@@ -8975,21 +9154,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "html-encoded" + "url-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "html-decoded" + "url-decoded" ], - "value": "org.owasp.esapi.Encoder.encodeForHTMLAttribute(java.lang.String)" + "value": "org.owasp.encoder.Encode.forUri(java.lang.String)" }, { "command": "", @@ -8997,21 +9176,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "ldap-encoded" + "url-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "ldap-decoded" + "url-decoded" ], - "value": "org.owasp.esapi.Encoder.encodeForLDAP(java.lang.String,boolean)" + "value": "org.owasp.encoder.Encode.forUriComponent(java.lang.String)" }, { "command": "", @@ -9021,19 +9200,19 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "sql-encoded" + "xml-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "sql-decoded" + "xml-decoded" ], - "value": "org.owasp.esapi.Encoder.encodeForSQL(org.owasp.esapi.codecs.Codec,java.lang.String)" + "value": "org.owasp.encoder.Encode.forXml(java.lang.String)" }, { "command": "", @@ -9047,15 +9226,15 @@ "stack_blacklist": [], "system_type": 1, "tags": [ - "url-encoded" + "xml-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "url-decoded" + "xml-decoded" ], - "value": "org.owasp.esapi.Encoder.encodeForURL(java.lang.String)" + "value": "org.owasp.encoder.Encode.forXmlAttribute(java.lang.String)" }, { "command": "", 
@@ -9077,7 +9256,7 @@
 "untags": [
 "xml-decoded"
 ],
- "value": "org.owasp.esapi.Encoder.encodeForXML(java.lang.String)"
+ "value": "org.owasp.encoder.Encode.forXmlComment(java.lang.String)"
 },
 {
 "command": "",
@@ -9099,7 +9278,7 @@
 "untags": [
 "xml-decoded"
 ],
- "value": "org.owasp.esapi.Encoder.encodeForXMLAttribute(java.lang.String)"
+ "value": "org.owasp.encoder.Encode.forXmlContent(java.lang.String)"
 },
 {
 "command": "",
@@ -9113,15 +9292,15 @@
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [
- "xpath-encoded"
+ "html-decoded"
 ],
 "target": "R",
 "track": "false",
 "type": 1,
 "untags": [
- "xpath-decoded"
+ "html-encoded"
 ],
- "value": "org.owasp.esapi.Encoder.encodeForXPath(java.lang.String)"
+ "value": "org.owasp.esapi.Encoder.decodeForHTML(java.lang.String)"
 },
 {
 "command": "",
@@ -9129,7 +9308,7 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "false",
+ "inherit": "true",
 "language": 1,
 "source": "P1",
 "stack_blacklist": [],
@@ -9143,7 +9322,7 @@
 "untags": [
 "base64-encoded"
 ],
- "value": "org.owasp.esapi.codecs.Base64.decode(byte[],int,int,int)"
+ "value": "org.owasp.esapi.Encoder.decodeFromBase64(java.lang.String)"
 },
 {
 "command": "",
@@ -9151,21 +9330,22 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "false",
+ "inherit": "true",
 "language": 1,
 "source": "P1",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [
- "base64-decoded"
+ "url-decoded"
 ],
 "target": "R",
 "track": "false",
 "type": 1,
 "untags": [
- "base64-encoded"
+ "url-encoded",
+ "xss-encoded"
 ],
- "value": "org.owasp.esapi.codecs.Base64.decode(java.lang.String)"
+ "value": "org.owasp.esapi.Encoder.decodeFromURL(java.lang.String)"
 },
 {
 "command": "",
@@ -9173,21 +9353,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "base64-decoded" + "base64-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "base64-encoded" + "base64-decoded" ], - "value": "org.owasp.esapi.codecs.Base64.decode(java.lang.String,int)" + "value": "org.owasp.esapi.Encoder.encodeForBase64(byte[],boolean)" }, { "command": "", @@ -9195,21 +9375,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "base64-encoded" + "ldap-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "base64-decoded" + "ldap-decoded" ], - "value": "org.owasp.esapi.codecs.Base64.encodeBytes(byte[])" + "value": "org.owasp.esapi.Encoder.encodeForDN(java.lang.String)" }, { "command": "", @@ -9217,21 +9397,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "base64-encoded" + "html-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "base64-decoded" + "html-decoded" ], - "value": "org.owasp.esapi.codecs.Base64.encodeBytes(byte[],int)" + "value": "org.owasp.esapi.Encoder.encodeForHTML(java.lang.String)" }, { "command": "", 
@@ -9239,21 +9419,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "base64-encoded" + "html-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "base64-decoded" + "html-decoded" ], - "value": "org.owasp.esapi.codecs.Base64.encodeBytes(byte[],int,int)" + "value": "org.owasp.esapi.Encoder.encodeForHTMLAttribute(java.lang.String)" }, { "command": "", @@ -9261,21 +9441,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "base64-encoded" + "ldap-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "base64-decoded" + "ldap-decoded" ], - "value": "org.owasp.esapi.codecs.Base64.encodeBytes(byte[],int,int,int)" + "value": "org.owasp.esapi.Encoder.encodeForLDAP(java.lang.String,boolean)" }, { "command": "", @@ -9283,21 +9463,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [ - "html-encoded" + "sql-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "html-decoded" + "sql-decoded" ], - "value": "org.owasp.html.PolicyFactory.sanitize(java.lang.String)" + "value": "org.owasp.esapi.Encoder.encodeForSQL(org.owasp.esapi.codecs.Codec,java.lang.String)" }, { "command": "", 
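Review bot: The entry for `org.owasp.esapi.Encoder.encodeForSQL(org.owasp.esapi.codecs.Codec,java.lang.String)` (hunk at -9283 on this line) tags the return value `sql-encoded` and clears `sql-decoded`, which presumably lets SQL sinks treat the result as sanitized. ESAPI's own Javadoc describes this method as a fallback and recommends parameterized queries instead, and its output is only meaningful when the codec matches the target database. Treating it as a clearance can therefore hide real injection paths. I would keep the value tracked with `"tags": []` and `"untags": []`, or confirm that no SQL sink rule accepts `sql-encoded` as proof of safety.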
@@ -9305,21 +9485,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "html-encoded" + "url-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "html-decoded" + "url-decoded" ], - "value": "org.owasp.validator.html.CleanResults.getCleanHTML()" + "value": "org.owasp.esapi.Encoder.encodeForURL(java.lang.String)" }, { "command": "", @@ -9327,21 +9507,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [ - "html-encoded" + "xml-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "html-decoded" + "xml-decoded" ], - "value": "org.owasp.validator.html.CleanResults.getCleanXMLDocumentFragment()" + "value": "org.owasp.esapi.Encoder.encodeForXML(java.lang.String)" }, { "command": "", @@ -9355,40 +9535,15 @@ "stack_blacklist": [], "system_type": 1, "tags": [ - "html-encoded" + "xml-encoded" ], "target": "R", "track": "false", "type": 1, "untags": [ - "html-decoded" + "xml-decoded" ], - "value": "org.owasp.validator.html.scan.AbstractAntiSamyScanner.scan(java.lang.String)" - } - ], - "enable": 1, - "type": 1, - "value": "owasp-esapi" - }, - { - "details": [ - { - "command": "", - "created_by": 1, - "enable": 1, - "ignore_blacklist": false, - "ignore_internal": false, - "inherit": "all", - "language": 1, - "source": "P2", - "stack_blacklist": [], - "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, - "untags": [], - "value": "java.io.File.(java.io.File,java.lang.String)" + "value": "org.owasp.esapi.Encoder.encodeForXMLAttribute(java.lang.String)" }, { "command": "", 
@@ -9396,17 +9551,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, - "untags": [], - "value": "java.io.File.(java.lang.String)" + "tags": [ + "xpath-encoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "xpath-decoded" + ], + "value": "org.owasp.esapi.Encoder.encodeForXPath(java.lang.String)" }, { "command": "", @@ -9414,17 +9573,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, - "source": "P1,2", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, - "untags": [], - "value": "java.io.File.(java.lang.String,java.lang.String)" + "tags": [ + "base64-decoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "base64-encoded" + ], + "value": "org.owasp.esapi.codecs.Base64.decode(byte[],int,int,int)" }, { "command": "", @@ -9432,17 +9595,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, - "untags": [], - "value": "java.io.File.(java.net.URI)" + "tags": [ + "base64-decoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "base64-encoded" + ], + "value": "org.owasp.esapi.codecs.Base64.decode(java.lang.String)" }, { "command": "", 
@@ -9450,17 +9617,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, - "source": "P1,2", + "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, - "untags": [], - "value": "java.nio.file.FileSystem.getPath(java.lang.String,java.lang.String[])" + "tags": [ + "base64-decoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "base64-encoded" + ], + "value": "org.owasp.esapi.codecs.Base64.decode(java.lang.String,int)" }, { "command": "", @@ -9468,17 +9639,21 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, - "untags": [], - "value": "java.nio.file.spi.FileSystemProvider.getFileSystem(java.net.URI)" + "tags": [ + "base64-encoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "base64-decoded" + ], + "value": "org.owasp.esapi.codecs.Base64.encodeBytes(byte[])" }, { "command": "", @@ -9486,25 +9661,22 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, - "untags": [], - "value": "java.nio.file.spi.FileSystemProvider.newFileSystem(java.net.URI,java.util.Map)" - } - ], - "enable": 1, - "type": 4, - "value": "path-traversal" - }, - { - "details": [ + "tags": [ + "base64-encoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "base64-decoded" + ], + "value": "org.owasp.esapi.codecs.Base64.encodeBytes(byte[],int)" + }, { "command": "", "created_by": 1, 
@@ -9516,12 +9688,16 @@
 "source": "P1",
 "stack_blacklist": [],
 "system_type": 1,
- "tags": [],
- "target": "",
- "track": "true",
- "type": 4,
- "untags": [],
- "value": "java.util.regex.Pattern.matcher(java.lang.CharSequence)"
+ "tags": [
+ "base64-encoded"
+ ],
+ "target": "R",
+ "track": "false",
+ "type": 1,
+ "untags": [
+ "base64-decoded"
+ ],
+ "value": "org.owasp.esapi.codecs.Base64.encodeBytes(byte[],int,int)"
 },
 {
 "command": "",
@@ -9534,17 +9710,109 @@ "source": "P1", "stack_blacklist": [], "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, - "untags": [], - "value": "jregex.Pattern.matcher(java.lang.String)" + "tags": [ + "base64-encoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "base64-decoded" + ], + "value": "org.owasp.esapi.codecs.Base64.encodeBytes(byte[],int,int,int)" + }, + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "language": 1, + "source": "P1", + "stack_blacklist": [], + "system_type": 1, + "tags": [ + "html-encoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "html-decoded" + ], + "value": "org.owasp.html.PolicyFactory.sanitize(java.lang.String)" + }, + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "language": 1, + "source": "O", + "stack_blacklist": [], + "system_type": 1, + "tags": [ + "html-encoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "html-decoded" + ], + "value": "org.owasp.validator.html.CleanResults.getCleanHTML()" + }, + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "language": 1, + "source": "O", + "stack_blacklist": [], + "system_type": 1, + "tags": [ + "html-encoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "html-decoded" + ], + "value": "org.owasp.validator.html.CleanResults.getCleanXMLDocumentFragment()" + }, + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "language": 1, + "source": "P1", + "stack_blacklist": [], + "system_type": 1, + "tags": [ + "html-encoded" + ], + "target": "R", + "track": "false", + "type": 1, + "untags": [ + "html-decoded" + ], + "value": 
"org.owasp.validator.html.scan.AbstractAntiSamyScanner.scan(java.lang.String)" } ], "enable": 1, - "type": 4, - "value": "redos" + "type": 1, + "value": "owasp-esapi" }, { "details": [ @@ -9554,7 +9822,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P2", "stack_blacklist": [], @@ -9564,7 +9832,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.github.mustachejava.codes.ValueCode.execute(java.io.Writer,java.lang.String)" + "value": "java.io.File.(java.io.File,java.lang.String)" }, { "command": "", @@ -9572,17 +9840,20 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "org.owasp.esapi.reference.DefaultValidator.isValidDirectoryPath", + "org.owasp.esapi.reference.DefaultValidator.isValidFileName" + ], "system_type": 1, "tags": [], "target": "", "track": "true", "type": 4, "untags": [], - "value": "com.sun.faces.renderkit.html_basic.HtmlResponseWriter.write(java.lang.String)" + "value": "java.io.File.(java.lang.String)" }, { "command": "", @@ -9592,7 +9863,7 @@ "ignore_internal": false, "inherit": "all", "language": 1, - "source": "P1", + "source": "P1,2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -9600,7 +9871,7 @@ "track": "true", "type": 4, "untags": [], - "value": "jakarta.servlet.ServletOutputStream.print(java.lang.String)" + "value": "java.io.File.(java.lang.String,java.lang.String)" }, { "command": "", @@ -9618,7 +9889,7 @@ "track": "true", "type": 4, "untags": [], - "value": "jakarta.servlet.ServletOutputStream.println(java.lang.String)" + "value": "java.io.File.(java.net.URI)" }, { "command": "", 
@@ -9626,9 +9897,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, - "source": "P1", + "source": "P1&P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -9636,7 +9907,7 @@ "track": "true", "type": 4, "untags": [], - "value": "jakarta.servlet.ServletOutputStream.write(byte[])" + "value": "java.io.File.createTempFile(java.lang.String,java.lang.String,java.io.File)" }, { "command": "", @@ -9644,7 +9915,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -9654,7 +9925,7 @@ "track": "true", "type": 4, "untags": [], - "value": "jakarta.servlet.ServletOutputStream.write(byte[],int,int)" + "value": "java.io.FileInputStream.(java.lang.String)" }, { "command": "", @@ -9672,7 +9943,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.format(java.lang.String,java.lang.Object[])" + "value": "java.nio.file.FileSystem.getPath(java.lang.String,java.lang.String[])" }, { "command": "", @@ -9680,9 +9951,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, - "source": "P2,3", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -9690,7 +9961,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.format(java.util.Locale,java.lang.String,java.lang.Object[])" + "value": "java.nio.file.spi.FileSystemProvider.getFileSystem(java.net.URI)" }, { "command": "", @@ -9698,7 +9969,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], 
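Review bot: `"source": "P1&P2"` on the new `java.io.File.createTempFile(java.lang.String,java.lang.String,java.io.File)` sink (hunks at -9626 and -9636 on this line) uses a notation that no neighbouring rule uses; the other multi-parameter entries write `P1,2` or `P2,3`. Unless the rule parser defines `&`, this sink may never match, or may fire only when both arguments are tainted at once, and either outcome would silently weaken path-traversal coverage. The third parameter, the target directory, is not listed at all even though it decides where the file is created. If any-of semantics are intended, `"source": "P1,2,3"` would follow the existing convention.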
@@ -9708,25 +9979,35 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.print(char[])" - }, + "value": "java.nio.file.spi.FileSystemProvider.newFileSystem(java.net.URI,java.util.Map)" + } + ], + "enable": 1, + "type": 4, + "value": "path-traversal" + }, + { + "details": [ { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "org.springframework.web.util.UriComponentsBuilder.fromOriginHeader", + "org.springframework.web.util.UriComponentsBuilder.fromUriString" + ], "system_type": 1, "tags": [], "target": "", "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.print(java.lang.Object)" + "value": "java.util.regex.Pattern.matcher(java.lang.CharSequence)" }, { "command": "", @@ -9734,7 +10015,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], @@ -9744,17 +10025,24 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.print(java.lang.String)" - }, + "value": "jregex.Pattern.matcher(java.lang.String)" + } + ], + "enable": 1, + "type": 4, + "value": "redos" + }, + { + "details": [ { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, - "source": "P1,2", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -9762,7 +10050,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.printf(java.lang.String,java.lang.Object[])" + "value": "com.github.mustachejava.codes.ValueCode.execute(java.io.Writer,java.lang.String)" }, { "command": "", 
@@ -9770,9 +10058,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, - "source": "P2,3", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -9780,7 +10068,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.printf(java.util.Locale,java.lang.String,java.lang.Object[])" + "value": "com.sun.faces.renderkit.html_basic.HtmlResponseWriter.write(java.lang.String)" }, { "command": "", @@ -9798,7 +10086,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.println(char[])" + "value": "jakarta.servlet.ServletOutputStream.print(java.lang.String)" }, { "command": "", @@ -9816,7 +10104,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.println(java.lang.Object)" + "value": "jakarta.servlet.ServletOutputStream.println(java.lang.String)" }, { "command": "", @@ -9834,7 +10122,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.println(java.lang.String)" + "value": "jakarta.servlet.ServletOutputStream.write(byte[])" }, { "command": "", @@ -9852,7 +10140,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.write(char[])" + "value": "jakarta.servlet.ServletOutputStream.write(byte[],int,int)" }, { "command": "", @@ -9862,7 +10150,7 @@ "ignore_internal": false, "inherit": "all", "language": 1, - "source": "P1", + "source": "P1,2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -9870,7 +10158,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.write(char[],int,int)" + "value": "java.io.PrintWriter.format(java.lang.String,java.lang.Object[])" }, { "command": "", @@ -9880,7 +10168,7 @@ "ignore_internal": false, "inherit": "all", "language": 1, - "source": "P1", + "source": "P2,3", "stack_blacklist": [], "system_type": 1, "tags": [], 
@@ -9888,7 +10176,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.write(java.lang.String)" + "value": "java.io.PrintWriter.format(java.util.Locale,java.lang.String,java.lang.Object[])" }, { "command": "", @@ -9906,7 +10194,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.io.PrintWriter.write(java.lang.String,int,int)" + "value": "java.io.PrintWriter.print(char[])" }, { "command": "", @@ -9924,7 +10212,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.ServletOutputStream.print(java.lang.String)" + "value": "java.io.PrintWriter.print(java.lang.Object)" }, { "command": "", @@ -9942,7 +10230,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.ServletOutputStream.println(java.lang.String)" + "value": "java.io.PrintWriter.print(java.lang.String)" }, { "command": "", @@ -9952,7 +10240,7 @@ "ignore_internal": false, "inherit": "all", "language": 1, - "source": "P1", + "source": "P1,2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -9960,7 +10248,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.ServletOutputStream.write(byte[])" + "value": "java.io.PrintWriter.printf(java.lang.String,java.lang.Object[])" }, { "command": "", @@ -9970,7 +10258,7 @@ "ignore_internal": false, "inherit": "all", "language": 1, - "source": "P1", + "source": "P2,3", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -9978,7 +10266,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.ServletOutputStream.write(byte[],int,int)" + "value": "java.io.PrintWriter.printf(java.util.Locale,java.lang.String,java.lang.Object[])" }, { "command": "", @@ -9996,7 +10284,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.jsp.JspWriter.print(java.lang.String)" + "value": "java.io.PrintWriter.println(char[])" }, { "command": "", 
@@ -10014,7 +10302,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.jsp.JspWriter.println(java.lang.String)" + "value": "java.io.PrintWriter.println(java.lang.Object)" }, { "command": "", @@ -10032,7 +10320,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.jsp.JspWriter.write(char[])" + "value": "java.io.PrintWriter.println(java.lang.String)" }, { "command": "", @@ -10050,7 +10338,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.jsp.JspWriter.write(char[],int,int)" + "value": "java.io.PrintWriter.write(char[])" }, { "command": "", @@ -10068,7 +10356,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.jsp.JspWriter.write(java.lang.String)" + "value": "java.io.PrintWriter.write(char[],int,int)" }, { "command": "", @@ -10086,7 +10374,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.jsp.JspWriter.write(java.lang.String,int,int)" + "value": "java.io.PrintWriter.write(java.lang.String)" }, { "command": "", @@ -10094,7 +10382,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], @@ -10104,7 +10392,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.tapestry5.internal.services.MarkupWriterImpl.writeRaw(java.lang.String)" + "value": "java.io.PrintWriter.write(java.lang.String,int,int)" }, { "command": "", @@ -10112,7 +10400,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], @@ -10122,7 +10410,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.glassfish.jersey.message.internal.AbstractMessageReaderWriterProvider.writeToAsString(java.lang.String,java.io.OutputStream,javax.ws.rs.core.MediaType)" + "value": "javax.servlet.ServletOutputStream.print(java.lang.String)" }, { "command": "", 
@@ -10130,7 +10418,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], @@ -10140,7 +10428,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.glassfish.jersey.message.internal.ByteArrayProvider.writeTo(byte[],java.lang.Class,java.lang.reflect.Type,java.lang.annotation.Annotation[],javax.ws.rs.core.MediaType,javax.ws.rs.core.MultivaluedMap,java.io.OutputStream)" + "value": "javax.servlet.ServletOutputStream.println(java.lang.String)" }, { "command": "", @@ -10148,7 +10436,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], @@ -10158,7 +10446,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.glassfish.jersey.message.internal.DataSourceProvider.writeTo(javax.activation.DataSource,java.lang.Class,java.lang.reflect.Type,java.lang.annotation.Annotation[],javax.ws.rs.core.MediaType,javax.ws.rs.core.MultivaluedMap,java.io.OutputStream)" + "value": "javax.servlet.ServletOutputStream.write(byte[])" }, { "command": "", @@ -10166,7 +10454,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], @@ -10176,7 +10464,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.glassfish.jersey.message.internal.FileProvider.writeTo(java.io.File,java.lang.Class,java.lang.reflect.Type,java.lang.annotation.Annotation[],javax.ws.rs.core.MediaType,javax.ws.rs.core.MultivaluedMap,java.io.OutputStream)" + "value": "javax.servlet.ServletOutputStream.write(byte[],int,int)" }, { "command": "", @@ -10184,7 +10472,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], 
@@ -10194,7 +10482,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.glassfish.jersey.message.internal.InputStreamProvider.writeTo(java.io.InputStream,java.lang.Class,java.lang.reflect.Type,java.lang.annotation.Annotation[],javax.ws.rs.core.MediaType,javax.ws.rs.core.MultivaluedMap,java.io.OutputStream)" + "value": "javax.servlet.jsp.JspWriter.print(java.lang.String)" }, { "command": "", @@ -10202,7 +10490,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], @@ -10212,7 +10500,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.glassfish.jersey.message.internal.ReaderProvider.writeTo(java.io.Reader,java.lang.Class,java.lang.reflect.Type,java.lang.annotation.Annotation[],javax.ws.rs.core.MediaType,javax.ws.rs.core.MultivaluedMap,java.io.OutputStream)" + "value": "javax.servlet.jsp.JspWriter.println(java.lang.String)" }, { "command": "", 
@@ -10220,7 +10508,207 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "false",
+ "inherit": "all",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.servlet.jsp.JspWriter.write(char[])"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [
+ "OutSupport.writeEscapedXml"
+ ],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.servlet.jsp.JspWriter.write(char[],int,int)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.servlet.jsp.JspWriter.write(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.servlet.jsp.JspWriter.write(java.lang.String,int,int)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "false",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "org.apache.tapestry5.internal.services.MarkupWriterImpl.writeRaw(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "false",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "org.glassfish.jersey.message.internal.AbstractMessageReaderWriterProvider.writeToAsString(java.lang.String,java.io.OutputStream,javax.ws.rs.core.MediaType)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "false",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "org.glassfish.jersey.message.internal.ByteArrayProvider.writeTo(byte[],java.lang.Class,java.lang.reflect.Type,java.lang.annotation.Annotation[],javax.ws.rs.core.MediaType,javax.ws.rs.core.MultivaluedMap,java.io.OutputStream)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "false",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "org.glassfish.jersey.message.internal.DataSourceProvider.writeTo(javax.activation.DataSource,java.lang.Class,java.lang.reflect.Type,java.lang.annotation.Annotation[],javax.ws.rs.core.MediaType,javax.ws.rs.core.MultivaluedMap,java.io.OutputStream)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "false",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "org.glassfish.jersey.message.internal.FileProvider.writeTo(java.io.File,java.lang.Class,java.lang.reflect.Type,java.lang.annotation.Annotation[],javax.ws.rs.core.MediaType,javax.ws.rs.core.MultivaluedMap,java.io.OutputStream)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "false",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "org.glassfish.jersey.message.internal.InputStreamProvider.writeTo(java.io.InputStream,java.lang.Class,java.lang.reflect.Type,java.lang.annotation.Annotation[],javax.ws.rs.core.MediaType,javax.ws.rs.core.MultivaluedMap,java.io.OutputStream)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "false",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "org.glassfish.jersey.message.internal.ReaderProvider.writeTo(java.io.Reader,java.lang.Class,java.lang.reflect.Type,java.lang.annotation.Annotation[],javax.ws.rs.core.MediaType,javax.ws.rs.core.MultivaluedMap,java.io.OutputStream)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "false",
 "language": 1,
 "source": "P1",
 "stack_blacklist": [],
@@ -10441,7 +10929,7 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "all",
+ "inherit": "true",
 "language": 1,
 "source": "P1",
 "stack_blacklist": [],
@@ -10451,7 +10939,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.mail.Message.setFrom(javax.mail.Address)"
+ "value": "jakarta.mail.Message.setFrom(jakarta.mail.Address)"
 },
 {
 "command": "",
@@ -10459,9 +10947,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "all",
+ "inherit": "true",
 "language": 1,
- "source": "P1,2",
+ "source": "P1&P2",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
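Review bot: The `stack_blacklist` frame `"OutSupport.writeEscapedXml"` added for `javax.servlet.jsp.JspWriter.write(char[],int,int)` in the -10220 hunk carries no package, so it is only as specific as the agent's matching makes it. Other blacklist values in this policy are also fragments (`com.ca.siteminder`, `util.StateUtils.encrypt`), which suggests substring matching; if so, any class named `OutSupport` with a `writeEscapedXml` method on the stack silences this sink, whatever it actually does. Assuming the intended frame is the JSTL `<c:out>` helper, prefer the qualified form `"org.apache.taglibs.standard.tag.common.core.OutSupport.writeEscapedXml"`. Note also that this suppresses the finding for every output context, while XML escaping only neutralises element and quoted-attribute content.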
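Review bot: The `jakarta.mail.*` entries created from the -10441 hunk onward get `"inherit": "true"`, while the `javax.mail.*` entries they mirror keep `"inherit": "all"` (re-added in the -10631 hunk), so the two namespaces are no longer hooked the same way. The meaning of the `inherit` values is not shown on this page; if `"true"` selects subclasses only, calls on the concrete classes themselves (`jakarta.mail.internet.InternetHeaders`, `MimeMessage`, and the `MimeBodyPart.setText(MimePart,String,String,String)` helper) would not be instrumented and header or recipient injection through them would go unreported. Unless the difference is intended, use `"inherit": "all"` on the jakarta entries in -10441 through -10621.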
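Review bot: `"source": "P1&P2"` replaces `"P1,2"` in the -10459 hunk and again in -10531 and -10567, yet the trust-boundary entries further down still use `"P1,2"` (-11542 and -11588 through -11658) next to a single `"P1&P2"` (-11570), so the file now carries two spellings for a two-parameter source. The parser is not on this page; if `&` is read as a conjunction, `setHeader(name, value)` reports only when both the header name and the value are tainted, and the -10621 change (`MimeMessage.setSubject(String,String)`, `"P1"` to `"P1&P2"`) additionally requires a tainted charset, which would drop the common case of a tainted subject or header value alone. Please confirm the semantics and use one notation throughout.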
@@ -10469,7 +10957,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.mail.Message.setHeader(java.lang.String,java.lang.String)"
+ "value": "jakarta.mail.Message.setHeader(java.lang.String,java.lang.String)"
 },
 {
 "command": "",
@@ -10477,7 +10965,7 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "all",
+ "inherit": "true",
 "language": 1,
 "source": "P2",
 "stack_blacklist": [],
@@ -10487,7 +10975,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.mail.Message.setRecipient(javax.mail.Message.RecipientType,javax.mail.Address)"
+ "value": "jakarta.mail.Message.setRecipient(jakarta.mail.Message.RecipientType,jakarta.mail.Address)"
 },
 {
 "command": "",
@@ -10495,7 +10983,7 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "all",
+ "inherit": "true",
 "language": 1,
 "source": "P1",
 "stack_blacklist": [],
@@ -10505,7 +10993,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.mail.Message.setSubject(java.lang.String)"
+ "value": "jakarta.mail.Message.setSubject(java.lang.String)"
 },
 {
 "command": "",
@@ -10513,7 +11001,7 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "all",
+ "inherit": "true",
 "language": 1,
 "source": "P1",
 "stack_blacklist": [],
@@ -10523,7 +11011,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.mail.Part.setText(java.lang.String)"
+ "value": "jakarta.mail.Part.setText(java.lang.String)"
 },
 {
 "command": "",
@@ -10531,9 +11019,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "all",
+ "inherit": "true",
 "language": 1,
- "source": "P1,2",
+ "source": "P1&P2",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -10541,7 +11029,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.mail.internet.InternetHeaders.addHeader(java.lang.String,java.lang.String)"
+ "value": "jakarta.mail.internet.InternetHeaders.addHeader(java.lang.String,java.lang.String)"
 },
 {
 "command": "",
@@ -10549,7 +11037,7 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "all",
+ "inherit": "true",
 "language": 1,
 "source": "P1",
 "stack_blacklist": [],
@@ -10559,7 +11047,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.mail.internet.InternetHeaders.addHeaderLine(java.lang.String)"
+ "value": "jakarta.mail.internet.InternetHeaders.addHeaderLine(java.lang.String)"
 },
 {
 "command": "",
@@ -10567,9 +11055,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "all",
+ "inherit": "true",
 "language": 1,
- "source": "P1,2",
+ "source": "P1&P2",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -10577,7 +11065,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.mail.internet.InternetHeaders.setHeader(java.lang.String,java.lang.String)"
+ "value": "jakarta.mail.internet.InternetHeaders.setHeader(java.lang.String,java.lang.String)"
 },
 {
 "command": "",
@@ -10585,7 +11073,7 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "all",
+ "inherit": "true",
 "language": 1,
 "source": "P2",
 "stack_blacklist": [],
@@ -10595,7 +11083,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.mail.internet.MimeBodyPart.setText(javax.mail.internet.MimePart,java.lang.String,java.lang.String,java.lang.String)"
+ "value": "jakarta.mail.internet.MimeBodyPart.setText(jakarta.mail.internet.MimePart,java.lang.String,java.lang.String,java.lang.String)"
 },
 {
 "command": "",
@@ -10603,7 +11091,7 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "all",
+ "inherit": "true",
 "language": 1,
 "source": "P2",
 "stack_blacklist": [],
@@ -10613,7 +11101,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.mail.internet.MimeMessage.setRecipients(javax.mail.Message.RecipientType,java.lang.String)"
+ "value": "jakarta.mail.internet.MimeMessage.setRecipients(jakarta.mail.Message.RecipientType,java.lang.String)"
 },
 {
 "command": "",
@@ -10621,9 +11109,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "all",
+ "inherit": "true",
 "language": 1,
- "source": "P1",
+ "source": "P1&P2",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -10631,32 +11119,230 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.mail.internet.MimeMessage.setSubject(java.lang.String,java.lang.String)"
- }
- ],
- "enable": 1,
- "type": 4,
- "value": "smtp-injection"
- },
- {
- "details": [
+ "value": "jakarta.mail.internet.MimeMessage.setSubject(java.lang.String,java.lang.String)"
+ },
 {
 "command": "",
 "created_by": 1,
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
 "source": "P1",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
- "target": "R",
- "track": "",
- "type": 1,
+ "target": "",
+ "track": "true",
+ "type": 4,
 "untags": [],
- "value": "org.springframework.expression.ExpressionParser.parseExpression(java.lang.String)"
+ "value": "javax.mail.Message.setFrom(javax.mail.Address)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1&P2",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.mail.Message.setHeader(java.lang.String,java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P2",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.mail.Message.setRecipient(javax.mail.Message.RecipientType,javax.mail.Address)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.mail.Message.setSubject(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.mail.Part.setText(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1&P2",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.mail.internet.InternetHeaders.addHeader(java.lang.String,java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.mail.internet.InternetHeaders.addHeaderLine(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1&P2",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.mail.internet.InternetHeaders.setHeader(java.lang.String,java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P2",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.mail.internet.MimeBodyPart.setText(javax.mail.internet.MimePart,java.lang.String,java.lang.String,java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P2",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.mail.internet.MimeMessage.setRecipients(javax.mail.Message.RecipientType,java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1&P2",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.mail.internet.MimeMessage.setSubject(java.lang.String,java.lang.String)"
+ }
+ ],
+ "enable": 1,
+ "type": 4,
+ "value": "smtp-injection"
+ },
+ {
+ "details": [
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "R",
+ "track": "",
+ "type": 1,
+ "untags": [],
+ "value": "org.springframework.expression.ExpressionParser.parseExpression(java.lang.String)"
 },
 {
 "command": "",
@@ -11364,21 +12050,552 @@
 "source": "P1",
 "stack_blacklist": [],
 "system_type": 1,
- "tags": [
- "base64-encoded"
- ],
- "target": "R",
- "track": "false",
- "type": 1,
- "untags": [
- "base64-decoded"
- ],
- "value": "org.springframework.webflow.util.Base64.encodeToString(java.lang.String)"
+ "tags": [
+ "base64-encoded"
+ ],
+ "target": "R",
+ "track": "false",
+ "type": 1,
+ "untags": [
+ "base64-decoded"
+ ],
+ "value": "org.springframework.webflow.util.Base64.encodeToString(java.lang.String)"
+ }
+ ],
+ "enable": 1,
+ "type": 1,
+ "value": "spring"
+ },
+ {
+ "details": [
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "jakarta.persistence.EntityManager.createNativeQuery(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "jakarta.persistence.EntityManager.createNativeQuery(java.lang.String,java.lang.Class)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "jakarta.persistence.EntityManager.createNativeQuery(java.lang.String,java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Connection.prepareCall(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Connection.prepareCall(java.lang.String,int,int)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Connection.prepareCall(java.lang.String,int,int,int)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Connection.prepareStatement(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Connection.prepareStatement(java.lang.String,int)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Connection.prepareStatement(java.lang.String,int,int)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Connection.prepareStatement(java.lang.String,int,int,int)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Connection.prepareStatement(java.lang.String,int[])"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Connection.prepareStatement(java.lang.String,java.lang.String[])"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.addBatch(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.execute(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.execute(java.lang.String,int)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.execute(java.lang.String,int[])"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.execute(java.lang.String,java.lang.String[])"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.executeLargeUpdate(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,int)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,int[])"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,java.lang.String[])"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.executeQuery(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [
+ "org.mariadb.jdbc.MariaDbConnection.setAutoCommit"
+ ],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.executeUpdate(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.executeUpdate(java.lang.String,int)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.executeUpdate(java.lang.String,int[])"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "java.sql.Statement.executeUpdate(java.lang.String,java.lang.String[])"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.persistence.EntityManager.createNativeQuery(java.lang.String)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "all",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.persistence.EntityManager.createNativeQuery(java.lang.String,java.lang.Class)"
+ },
+ {
+ "command": "",
+ "created_by": 1,
+ "enable": 1,
+ "ignore_blacklist": false,
+ "ignore_internal": false,
+ "inherit": "true",
+ "language": 1,
+ "source": "P1",
+ "stack_blacklist": [],
+ "system_type": 1,
+ "tags": [],
+ "target": "",
+ "track": "true",
+ "type": 4,
+ "untags": [],
+ "value": "javax.persistence.EntityManager.createNativeQuery(java.lang.String,java.lang.String)"
 }
 ],
 "enable": 1,
- "type": 1,
- "value": "spring"
+ "type": 4,
+ "value": "sql-injection"
 },
 {
 "details": [
@@ -11388,9 +12605,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "false",
 "language": 1,
- "source": "P1",
+ "source": "O",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
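Review bot: The `inherit` value differs between overloads of the same interface method in the `sql-injection` group added by the -11364 hunk: `jakarta.persistence.EntityManager.createNativeQuery(String)` is `"true"` while its `(String,Class)` and `(String,String)` overloads are `"all"`, and the `javax.persistence` copies read `"true"`, `"all"`, `"true"`. Nothing on the page explains the difference, and rules that should behave alike but are configured differently make it easy for a later edit to leave one overload unhooked. Pick one value for all six `createNativeQuery` entries; the `java.sql.*` interface sinks in the same group consistently use `"inherit": "true"`.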
@@ -11398,7 +12615,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "jakarta.persistence.EntityManager.createNativeQuery(java.lang.String)"
+ "value": "com.squareup.okhttp.Call.enqueue(com.squareup.okhttp.Callback)"
 },
 {
 "command": "",
@@ -11406,9 +12623,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "false",
 "language": 1,
- "source": "P1",
+ "source": "O",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -11416,7 +12633,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "java.sql.Connection.prepareCall(java.lang.String)"
+ "value": "com.squareup.okhttp.Call.execute()"
 },
 {
 "command": "",
@@ -11424,9 +12641,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
- "source": "P1",
+ "source": "O",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -11434,7 +12651,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "java.sql.Connection.prepareCall(java.lang.String,int,int)"
+ "value": "okhttp3.Call.enqueue(okhttp3.Callback)"
 },
 {
 "command": "",
@@ -11442,9 +12659,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
- "source": "P1",
+ "source": "O",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -11452,7 +12669,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "java.sql.Connection.prepareCall(java.lang.String,int,int,int)"
+ "value": "okhttp3.Call.execute()"
 },
 {
 "command": "",
@@ -11460,7 +12677,7 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
 "source": "P1",
 "stack_blacklist": [],
@@ -11470,7 +12687,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "java.sql.Connection.prepareStatement(java.lang.String)"
+ "value": "org.apache.commons.httpclient.HttpMethodBase.setURI(org.apache.commons.httpclient.URI)"
 },
 {
 "command": "",
@@ -11478,9 +12695,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
- "source": "P1",
+ "source": "P2",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -11488,7 +12705,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "java.sql.Connection.prepareStatement(java.lang.String,int)"
+ "value": "org.apache.hc.client5.http.impl.classic.CloseableHttpClient.doExecute(org.apache.hc.core5.http.HttpHost,org.apache.hc.core5.http.ClassicHttpRequest,org.apache.hc.core5.http.protocol.HttpContext)"
 },
 {
 "command": "",
@@ -11496,9 +12713,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
- "source": "P1",
+ "source": "P2",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -11506,7 +12723,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "java.sql.Connection.prepareStatement(java.lang.String,int,int)"
+ "value": "org.apache.http.impl.client.CloseableHttpClient.doExecute(org.apache.http.HttpHost,org.apache.http.HttpRequest,org.apache.http.protocol.HttpContext)"
 },
 {
 "command": "",
@@ -11514,9 +12731,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
- "source": "P1",
+ "source": "O",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -11524,7 +12741,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "java.sql.Connection.prepareStatement(java.lang.String,int,int,int)"
+ "value": "sun.net.www.protocol.http.HttpURLConnection.connect()"
 },
 {
 "command": "",
@@ -11532,9 +12749,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "false",
 "language": 1,
- "source": "P1",
+ "source": "O",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
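Review bot: Both `CloseableHttpClient.doExecute(...)` rules (the `org.apache.hc.client5` entry formed by -11478/-11488 and the `org.apache.http` one by -11496/-11506) set `"source": "P2"` only, so taint is checked on the request object but not on the `HttpHost` target in parameter 1. When an application builds the `HttpHost` from user input and sends a fixed relative request, the user-influenced destination travels in P1 and, depending on how the agent propagates taint into the request, may not be reported as SSRF. Consider covering both positions for these two entries, in whichever multi-parameter notation the agent accepts.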
@@ -11542,17 +12759,24 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "java.sql.Connection.prepareStatement(java.lang.String,int[])"
- },
+ "value": "sun.net.www.protocol.http.HttpURLConnection.getInputStream()"
+ }
+ ],
+ "enable": 1,
+ "type": 4,
+ "value": "ssrf"
+ },
+ {
+ "details": [
 {
 "command": "",
 "created_by": 1,
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "false",
 "language": 1,
- "source": "P1",
+ "source": "P1,2",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -11560,7 +12784,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "java.sql.Connection.prepareStatement(java.lang.String,java.lang.String[])"
+ "value": "coldfusion.runtime.SessionScope.bind(java.lang.String,java.lang.Object)"
 },
 {
 "command": "",
@@ -11570,7 +12794,7 @@
 "ignore_internal": false,
 "inherit": "true",
 "language": 1,
- "source": "P1",
+ "source": "P1&P2",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -11578,7 +12802,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "java.sql.Statement.addBatch(java.lang.String)"
+ "value": "jakarta.servlet.http.HttpSession.putValue(java.lang.String,java.lang.Object)"
 },
 {
 "command": "",
@@ -11588,7 +12812,7 @@
 "ignore_internal": false,
 "inherit": "true",
 "language": 1,
- "source": "P1",
+ "source": "P1,2",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -11596,7 +12820,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "java.sql.Statement.execute(java.lang.String)"
+ "value": "jakarta.servlet.http.HttpSession.setAttribute(java.lang.String,java.lang.Object)"
 },
 {
 "command": "",
@@ -11606,7 +12830,7 @@
 "ignore_internal": false,
 "inherit": "true",
 "language": 1,
- "source": "P1",
+ "source": "P1,2",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -11614,7 +12838,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.execute(java.lang.String,int)" + "value": "javax.servlet.http.HttpSession.putValue(java.lang.String,java.lang.Object)" }, { "command": "", @@ -11624,7 +12848,7 @@ "ignore_internal": false, "inherit": "true", "language": 1, - "source": "P1", + "source": "P1,2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -11632,7 +12856,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.execute(java.lang.String,int[])" + "value": "javax.servlet.http.HttpSession.setAttribute(java.lang.String,java.lang.Object)" }, { "command": "", @@ -11640,9 +12864,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "P1", + "source": "P1,2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -11650,7 +12874,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.execute(java.lang.String,java.lang.String[])" + "value": "org.apache.struts2.dispatcher.SessionMap.put(java.lang.Object,java.lang.Object)" }, { "command": "", @@ -11658,7 +12882,32 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", + "language": 1, + "source": "P1,2", + "stack_blacklist": [], + "system_type": 1, + "tags": [], + "target": "", + "track": "true", + "type": 4, + "untags": [], + "value": "play.mvc.Http$Session.put(java.lang.String,java.lang.String)" + } + ], + "enable": 1, + "type": 4, + "value": "trust-boundary-violation" + }, + { + "details": [ + { + "command": "", + "created_by": 1, + "enable": 1, + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], 
@@ -11668,7 +12917,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.executeLargeUpdate(java.lang.String)" + "value": "com.alibaba.fastjson.JSON.parse(java.lang.String)" }, { "command": "", @@ -11676,7 +12925,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], @@ -11686,7 +12935,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,int)" + "value": "com.alibaba.fastjson.JSON.parse(java.lang.String,int)" }, { "command": "", @@ -11694,7 +12943,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], @@ -11704,7 +12953,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,int[])" + "value": "com.alibaba.fastjson.JSON.parseObject(java.lang.String)" }, { "command": "", @@ -11712,9 +12961,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -11722,7 +12971,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,java.lang.String[])" + "value": "com.caucho.hessian.io.HessianInput.readObject()" }, { "command": "", @@ -11730,7 +12979,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], @@ -11740,7 +12989,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.executeQuery(java.lang.String)" + "value": "com.esotericsoftware.kryo.Kryo.readClassAndObject(com.esotericsoftware.kryo.io.Input)" }, { "command": "", 
@@ -11748,7 +12997,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], @@ -11758,7 +13007,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.executeUpdate(java.lang.String)" + "value": "com.esotericsoftware.kryo.Kryo.readObject(com.esotericsoftware.kryo.io.Input,java.lang.Class)" }, { "command": "", @@ -11766,7 +13015,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], @@ -11776,7 +13025,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.executeUpdate(java.lang.String,int)" + "value": "com.esotericsoftware.kryo.Kryo.readObject(com.esotericsoftware.kryo.io.Input,java.lang.Class,com.esotericsoftware.kryo.Serializer)" }, { "command": "", @@ -11784,7 +13033,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], @@ -11794,7 +13043,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.executeUpdate(java.lang.String,int[])" + "value": "com.esotericsoftware.kryo.Kryo.readObjectOrNull(com.esotericsoftware.kryo.io.Input,java.lang.Class)" }, { "command": "", @@ -11802,7 +13051,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], @@ -11812,7 +13061,7 @@ "track": "true", "type": 4, "untags": [], - "value": "java.sql.Statement.executeUpdate(java.lang.String,java.lang.String[])" + "value": "com.esotericsoftware.kryo.Kryo.readObjectOrNull(com.esotericsoftware.kryo.io.Input,java.lang.Class,com.esotericsoftware.kryo.Serializer)" }, { "command": "", 
@@ -11820,7 +13069,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], @@ -11830,15 +13079,8 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.persistence.EntityManager.createNativeQuery(java.lang.String,java.lang.String)" - } - ], - "enable": 1, - "type": 4, - "value": "sql-injection" - }, - { - "details": [ + "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.InputStream)" + }, { "command": "", "created_by": 1, @@ -11847,7 +13089,7 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -11855,7 +13097,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.squareup.okhttp.Call.enqueue(com.squareup.okhttp.Callback)" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.InputStream,java.lang.Object)" }, { "command": "", @@ -11865,7 +13107,7 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -11873,7 +13115,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.squareup.okhttp.Call.execute()" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.Reader)" }, { "command": "", @@ -11881,9 +13123,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -11891,7 +13133,7 @@ "track": "true", "type": 4, "untags": [], - "value": "okhttp3.Call.enqueue(okhttp3.Callback)" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.Reader,java.lang.Object)" }, { "command": "", 
@@ -11899,9 +13141,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -11909,7 +13151,7 @@ "track": "true", "type": 4, "untags": [], - "value": "okhttp3.Call.execute()" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.lang.String)" }, { "command": "", @@ -11917,7 +13159,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], @@ -11927,7 +13169,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.commons.httpclient.HttpMethodBase.setURI(org.apache.commons.httpclient.URI)" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.lang.String,java.lang.Object)" }, { "command": "", @@ -11935,9 +13177,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -11945,7 +13187,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.hc.client5.http.impl.classic.CloseableHttpClient.doExecute(org.apache.hc.core5.http.HttpHost,org.apache.hc.core5.http.ClassicHttpRequest,org.apache.hc.core5.http.protocol.HttpContext)" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.net.URL)" }, { "command": "", @@ -11953,9 +13195,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], 
@@ -11963,7 +13205,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.http.impl.client.CloseableHttpClient.doExecute(org.apache.http.HttpHost,org.apache.http.HttpRequest,org.apache.http.protocol.HttpContext)" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.net.URL,java.lang.Object)" }, { "command": "", @@ -11971,7 +13213,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "O", "stack_blacklist": [], @@ -11981,7 +13223,7 @@ "track": "true", "type": 4, "untags": [], - "value": "sun.net.www.protocol.http.HttpURLConnection.connect()" + "value": "java.io.ObjectInput.readObject()" }, { "command": "", @@ -11989,7 +13231,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "O", "stack_blacklist": [], @@ -11999,12 +13241,12 @@ "track": "true", "type": 4, "untags": [], - "value": "sun.net.www.protocol.http.HttpURLConnection.getInputStream()" + "value": "java.io.ObjectInputStream.readObject()" } ], "enable": 1, "type": 4, - "value": "ssrf" + "value": "unsafe-json-deserialize" }, { "details": [ @@ -12014,9 +13256,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1,2", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -12024,17 +13266,24 @@ "track": "true", "type": 4, "untags": [], - "value": "coldfusion.runtime.SessionScope.bind(java.lang.String,java.lang.Object)" - }, + "value": "java.io.BufferedReader.readLine()" + } + ], + "enable": 1, + "type": 4, + "value": "unsafe-readline" + }, + { + "details": [ { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "P1,2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], 
@@ -12042,7 +13291,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "jakarta.servlet.http.HttpSession.setAttribute(java.lang.String,java.lang.Object)"
+ "value": "java.beans.XMLDecoder.(java.io.InputStream)"
 },
 {
 "command": "",
@@ -12050,9 +13299,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
- "source": "P1,2",
+ "source": "P1",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -12060,7 +13309,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.servlet.http.HttpSession.putValue(java.lang.String,java.lang.Object)"
+ "value": "java.beans.XMLDecoder.(java.io.InputStream,java.lang.Object)"
 },
 {
 "command": "",
@@ -12068,9 +13317,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
- "source": "P1,2",
+ "source": "P1",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -12078,7 +13327,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.servlet.http.HttpSession.setAttribute(java.lang.String,java.lang.Object)"
+ "value": "java.beans.XMLDecoder.(java.io.InputStream,java.lang.Object,java.beans.ExceptionListener)"
 },
 {
 "command": "",
@@ -12086,9 +13335,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "false",
+ "inherit": "true",
 "language": 1,
- "source": "P1,2",
+ "source": "P1",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -12096,7 +13345,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "org.apache.struts2.dispatcher.SessionMap.put(java.lang.Object,java.lang.Object)"
+ "value": "java.beans.XMLDecoder.(java.io.InputStream,java.lang.Object,java.beans.ExceptionListener,java.lang.ClassLoader)"
 },
 {
 "command": "",
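Review bot: The four-argument `java.beans.XMLDecoder` constructor rule (the overload ending in `java.lang.ClassLoader)`) is declared with `"inherit": "true"`, while the other XMLDecoder constructor rules in these hunks use `"inherit": "all"`. The page does not define the three `inherit` values, but if `true` limits matching to subclasses, this overload would not be hooked on `XMLDecoder` itself and decoding of untrusted XML through it would go unreported. Unless the difference is deliberate, use `"inherit": "all"` here as well.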
@@ -12104,9 +13353,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, - "source": "P1,2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -12114,12 +13363,12 @@ "track": "true", "type": 4, "untags": [], - "value": "play.mvc.Http$Session.put(java.lang.String,java.lang.String)" + "value": "java.beans.XMLDecoder.(org.xml.sax.InputSource)" } ], "enable": 1, "type": 4, - "value": "trust-boundary-violation" + "value": "unsafe-xml-decode" }, { "details": [ @@ -12129,7 +13378,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12139,7 +13388,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.alibaba.fastjson.JSON.parse(java.lang.String)" + "value": "jakarta.servlet.ServletContext.getRequestDispatcher(java.lang.String)" }, { "command": "", @@ -12147,7 +13396,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12157,7 +13406,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.alibaba.fastjson.JSON.parse(java.lang.String,int)" + "value": "jakarta.servlet.jsp.PageContext.forward(java.lang.String)" }, { "command": "", @@ -12165,7 +13414,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12175,7 +13424,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.alibaba.fastjson.JSON.parseObject(java.lang.String)" + "value": "javax.servlet.ServletContext.getRequestDispatcher(java.lang.String)" }, { "command": "", @@ -12185,7 +13434,7 @@ "ignore_internal": false, "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], 
@@ -12193,17 +13442,24 @@ "track": "true", "type": 4, "untags": [], - "value": "com.caucho.hessian.io.HessianInput.readObject()" - }, + "value": "javax.servlet.jsp.PageContext.forward(java.lang.String)" + } + ], + "enable": 1, + "type": 4, + "value": "unvalidated-forward" + }, + { + "details": [ { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "P4", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -12211,7 +13467,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.esotericsoftware.kryo.Kryo.readClassAndObject(com.esotericsoftware.kryo.io.Input)" + "value": "io.netty.handler.codec.http.DefaultHttpHeaders.add0(int,int,java.lang.CharSequence,java.lang.CharSequence)" }, { "command": "", @@ -12219,9 +13475,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -12229,7 +13485,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.esotericsoftware.kryo.Kryo.readObject(com.esotericsoftware.kryo.io.Input,java.lang.Class)" + "value": "jakarta.servlet.http.HttpServletResponse.addHeader(java.lang.String,java.lang.String)" }, { "command": "", @@ -12237,7 +13493,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12247,7 +13503,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.esotericsoftware.kryo.Kryo.readObject(com.esotericsoftware.kryo.io.Input,java.lang.Class,com.esotericsoftware.kryo.Serializer)" + "value": "jakarta.servlet.http.HttpServletResponse.sendRedirect(java.lang.String)" }, { "command": "", 
@@ -12255,9 +13511,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -12265,7 +13521,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.esotericsoftware.kryo.Kryo.readObjectOrNull(com.esotericsoftware.kryo.io.Input,java.lang.Class)" + "value": "jakarta.servlet.http.HttpServletResponse.setHeader(java.lang.String,java.lang.String)" }, { "command": "", @@ -12273,7 +13529,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12283,7 +13539,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.esotericsoftware.kryo.Kryo.readObjectOrNull(com.esotericsoftware.kryo.io.Input,java.lang.Class,com.esotericsoftware.kryo.Serializer)" + "value": "jakarta.ws.rs.core.Response.temporaryRedirect(java.net.URI)" }, { "command": "", @@ -12291,9 +13547,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -12301,7 +13557,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.InputStream)" + "value": "javax.servlet.http.HttpServletResponse.addHeader(java.lang.String,java.lang.String)" }, { "command": "", @@ -12309,7 +13565,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12319,7 +13575,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.InputStream,java.lang.Object)" + "value": "javax.servlet.http.HttpServletResponse.sendRedirect(java.lang.String)" }, { "command": "", 
@@ -12327,9 +13583,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, - "source": "P1", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -12337,7 +13593,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.Reader)" + "value": "javax.servlet.http.HttpServletResponse.setHeader(java.lang.String,java.lang.String)" }, { "command": "", @@ -12345,7 +13601,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12355,7 +13611,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.Reader,java.lang.Object)" + "value": "javax.ws.rs.core.Response.temporaryRedirect(java.net.URI)" }, { "command": "", @@ -12363,7 +13619,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12373,7 +13629,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.lang.String)" + "value": "org.glassfish.grizzly.http.server.Response.sendRedirect(java.lang.String)" }, { "command": "", @@ -12381,7 +13637,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12391,8 +13647,15 @@ "track": "true", "type": 4, "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.lang.String,java.lang.Object)" - }, + "value": "play.mvc.Results.redirect(java.lang.String)" + } + ], + "enable": 1, + "type": 4, + "value": "unvalidated-redirect" + }, + { + "details": [ { "command": "", "created_by": 1, 
@@ -12405,11 +13668,11 @@ "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.net.URL)" + "value": "org.xml.sax.InputSource.(java.io.InputStream)" }, { "command": "", @@ -12423,11 +13686,11 @@ "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.net.URL,java.lang.Object)" + "value": "org.xml.sax.InputSource.(java.io.Reader)" }, { "command": "", @@ -12435,17 +13698,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, - "source": "O", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "java.io.ObjectInput.readObject()" + "value": "org.xml.sax.InputSource.(java.lang.String)" }, { "command": "", 
@@ -12453,67 +13716,53 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "R", + "track": "", + "type": 1, "untags": [], - "value": "java.io.ObjectInputStream.readObject()" - } - ], - "enable": 1, - "type": 4, - "value": "unsafe-json-deserialize" - }, - { - "details": [ + "value": "org.xml.sax.InputSource.getByteStream()" + }, { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "language": 1, "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "R", + "track": "", + "type": 1, "untags": [], - "value": "java.io.BufferedReader.readLine()" - } - ], - "enable": 1, - "type": 4, - "value": "unsafe-readline" - }, - { - "details": [ + "value": "org.xml.sax.InputSource.getCharacterStream()" + }, { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, - "source": "P1", + "source": "O", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "R", + "track": "", + "type": 1, "untags": [], - "value": "java.beans.XMLDecoder.(java.io.InputStream)" + "value": "org.xml.sax.InputSource.getSystemId()" }, { "command": "", 
@@ -12521,17 +13770,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "java.beans.XMLDecoder.(java.io.InputStream,java.lang.Object)" + "value": "org.xml.sax.InputSource.setByteStream(java.io.InputStream)" }, { "command": "", @@ -12539,17 +13788,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "O", + "track": "", + "type": 1, "untags": [], - "value": "java.beans.XMLDecoder.(java.io.InputStream,java.lang.Object,java.beans.ExceptionListener)" + "value": "org.xml.sax.InputSource.setCharacterStream(java.io.Reader)" }, { "command": "", @@ -12557,22 +13806,22 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "", - "track": "true", - "type": 4, + "target": "O", + "track": "false", + "type": 1, "untags": [], - "value": "java.beans.XMLDecoder.(org.xml.sax.InputSource)" + "value": "org.xml.sax.InputSource.setSystemId(java.lang.String)" } ], "enable": 1, - "type": 4, - "value": "unsafe-xml-decode" + "type": 1, + "value": "xml.sax" }, { "details": [ @@ -12582,7 +13831,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], 
@@ -12592,7 +13841,7 @@ "track": "true", "type": 4, "untags": [], - "value": "jakarta.servlet.ServletContext.getRequestDispatcher(java.lang.String)" + "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.compile(java.lang.String)" }, { "command": "", @@ -12600,7 +13849,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12610,7 +13859,7 @@ "track": "true", "type": 4, "untags": [], - "value": "jakarta.servlet.jsp.PageContext.forward(java.lang.String)" + "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.eval(java.lang.String,java.lang.Object)" }, { "command": "", @@ -12618,7 +13867,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12628,7 +13877,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.ServletContext.getRequestDispatcher(java.lang.String)" + "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object)" }, { "command": "", @@ -12636,7 +13885,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12646,24 +13895,17 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.servlet.jsp.PageContext.forward(java.lang.String)" - } - ], - "enable": 1, - "type": 4, - "value": "unvalidated-forward" - }, - { - "details": [ + "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" + }, { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, - "source": "P4", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], 
@@ -12671,7 +13913,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "io.netty.handler.codec.http.DefaultHttpHeaders.add0(int,int,java.lang.CharSequence,java.lang.CharSequence)"
+ "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource)"
 },
 {
 "command": "",
@@ -12679,9 +13921,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
- "source": "P2",
+ "source": "P1",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -12689,7 +13931,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "jakarta.servlet.http.HttpServletResponse.addHeader(java.lang.String,java.lang.String)"
+ "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)"
 },
 {
 "command": "",
@@ -12707,7 +13949,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "jakarta.servlet.http.HttpServletResponse.sendRedirect(java.lang.String)"
+ "value": "jakarta.xml.xpath.XPath.compile(java.lang.String)"
 },
 {
 "command": "",
@@ -12717,7 +13959,7 @@
 "ignore_internal": false,
 "inherit": "true",
 "language": 1,
- "source": "P2",
+ "source": "P1",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -12725,7 +13967,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "jakarta.servlet.http.HttpServletResponse.setHeader(java.lang.String,java.lang.String)"
+ "value": "jakarta.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object)"
 },
 {
 "command": "",
@@ -12743,7 +13985,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "jakarta.ws.rs.core.Response.temporaryRedirect(java.net.URI)"
+ "value": "jakarta.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object,jakarta.xml.namespace.QName)"
 },
 {
 "command": "",
@@ -12753,7 +13995,7 @@
 "ignore_internal": false,
 "inherit": "true",
 "language": 1,
- "source": "P2",
+ "source": "P1",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
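Review bot: The `jakarta.xml.xpath.XPath.*` sinks added here, and the two further overloads in the first hunks of the next line, name a package that as far as I know does not exist. XPath is part of the JDK's `javax.xml.xpath` and was not moved to the `jakarta` namespace; the same holds for `jakarta.xml.namespace.QName` in the three-argument signature. Rules on these names would never match, so they add no XPath-injection coverage while suggesting that Jakarta applications are handled separately. I would drop them and rely on the `javax.xml.xpath.XPath.*` entries, which apply to Jakarta EE applications unchanged.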
@@ -12761,7 +14003,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.servlet.http.HttpServletResponse.addHeader(java.lang.String,java.lang.String)"
+ "value": "jakarta.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource)"
 },
 {
 "command": "",
@@ -12779,7 +14021,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.servlet.http.HttpServletResponse.sendRedirect(java.lang.String)"
+ "value": "jakarta.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource,jakarta.xml.namespace.QName)"
 },
 {
 "command": "",
@@ -12787,9 +14029,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
- "source": "P2",
+ "source": "P1",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -12797,7 +14039,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.servlet.http.HttpServletResponse.setHeader(java.lang.String,java.lang.String)"
+ "value": "javax.xml.xpath.XPath.compile(java.lang.String)"
 },
 {
 "command": "",
@@ -12805,9 +14047,9 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
- "source": "P1",
+ "source": "P2",
 "stack_blacklist": [],
 "system_type": 1,
 "tags": [],
@@ -12815,7 +14057,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "javax.ws.rs.core.Response.temporaryRedirect(java.net.URI)"
+ "value": "javax.xml.xpath.XPath.eval(org.w3c.dom.Node,java.lang.String)"
 },
 {
 "command": "",
@@ -12823,7 +14065,7 @@
 "enable": 1,
 "ignore_blacklist": false,
 "ignore_internal": false,
- "inherit": "true",
+ "inherit": "all",
 "language": 1,
 "source": "P1",
 "stack_blacklist": [],
@@ -12833,7 +14075,7 @@
 "track": "true",
 "type": 4,
 "untags": [],
- "value": "org.glassfish.grizzly.http.server.Response.sendRedirect(java.lang.String)"
+ "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object)"
 },
 {
 "command": "",
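Review bot: `javax.xml.xpath.XPath.eval(org.w3c.dom.Node,java.lang.String)` does not correspond to any method of the `javax.xml.xpath.XPath` interface that I know of, which declares `compile` and the `evaluate` overloads. The parameter list and `"source": "P2"` are the ones used further down for `org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String)`, so this looks like a copy slip. A rule on a method that does not exist is never hit and gives no detection; either remove the entry or replace it with the signature that was intended.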
@@ -12841,7 +14083,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], @@ -12851,32 +14093,25 @@ "track": "true", "type": 4, "untags": [], - "value": "play.mvc.Results.redirect(java.lang.String)" - } - ], - "enable": 1, - "type": 4, - "value": "unvalidated-redirect" - }, - { - "details": [ + "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" + }, { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.xml.sax.InputSource.(java.io.InputStream)" + "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource)" }, { "command": "", @@ -12884,17 +14119,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.xml.sax.InputSource.(java.io.Reader)" + "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)" }, { "command": "", @@ -12902,17 +14137,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.xml.sax.InputSource.(java.lang.String)" + "value": "net.sf.saxon.s9api.XPathCompiler.compile(java.lang.String)" }, { "command": "", 
@@ -12920,17 +14155,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, - "source": "O", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.xml.sax.InputSource.getByteStream()" + "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String)" }, { "command": "", @@ -12938,17 +14173,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, - "source": "O", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.xml.sax.InputSource.getCharacterStream()" + "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String,org.apache.xml.utils.PrefixResolver)" }, { "command": "", @@ -12956,17 +14191,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, - "source": "O", + "source": "P2", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "R", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.xml.sax.InputSource.getSystemId()" + "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)" }, { "command": "", 
@@ -12974,17 +14209,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.xml.sax.InputSource.setByteStream(java.io.InputStream)" + "value": "org.apache.xpath.jaxp.XPathImpl.compile(java.lang.String)" }, { "command": "", @@ -12992,17 +14227,17 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.xml.sax.InputSource.setCharacterStream(java.io.Reader)" + "value": "org.apache.xpath.jaxp.XPathImpl.eval(java.lang.String,java.lang.Object)" }, { "command": "", @@ -13010,25 +14245,18 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "language": 1, "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], - "target": "O", - "track": "false", - "type": 1, + "target": "", + "track": "true", + "type": 4, "untags": [], - "value": "org.xml.sax.InputSource.setSystemId(java.lang.String)" - } - ], - "enable": 1, - "type": 1, - "value": "xml.sax" - }, - { - "details": [ + "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object)" + }, { "command": "", "created_by": 1, @@ -13045,7 +14273,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.compile(java.lang.String)" + "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" }, { "command": "", 
@@ -13063,7 +14291,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.eval(java.lang.String,java.lang.Object)" + "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource)" }, { "command": "", @@ -13081,15 +14309,22 @@ "track": "true", "type": 4, "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object)" - }, + "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)" + } + ], + "enable": 1, + "type": 4, + "value": "xpath-injection" + }, + { + "details": [ { "command": "", "created_by": 1, "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -13099,7 +14334,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.stream.XMLEventReader)" }, { "command": "", @@ -13107,7 +14342,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -13117,7 +14352,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.stream.XMLEventReader,java.lang.Class)" }, { "command": "", @@ -13125,7 +14360,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], 
@@ -13135,7 +14370,7 @@ "track": "true", "type": 4, "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.stream.XMLStreamReader)" }, { "command": "", @@ -13143,7 +14378,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -13153,7 +14388,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.xml.xpath.XPath.compile(java.lang.String)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.stream.XMLStreamReader,java.lang.Class)" }, { "command": "", @@ -13161,9 +14396,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -13171,7 +14406,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.xml.xpath.XPath.eval(org.w3c.dom.Node,java.lang.String)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.transform.Source)" }, { "command": "", @@ -13179,7 +14414,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -13189,7 +14424,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.transform.Source,java.lang.Class)" }, { "command": "", @@ -13197,7 +14432,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], 
@@ -13207,7 +14442,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(java.io.InputStream)" }, { "command": "", @@ -13215,7 +14450,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -13225,7 +14460,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(java.io.Reader)" }, { "command": "", @@ -13233,7 +14468,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -13243,7 +14478,7 @@ "track": "true", "type": 4, "untags": [], - "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(org.xml.sax.InputSource)" }, { "command": "", @@ -13251,7 +14486,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -13261,7 +14496,7 @@ "track": "true", "type": 4, "untags": [], - "value": "net.sf.saxon.s9api.XPathCompiler.compile(java.lang.String)" + "value": "jakarta.xml.parsers.DocumentBuilder.parse(java.io.InputStream)" }, { "command": "", @@ -13269,9 +14504,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], 
@@ -13279,7 +14514,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String)" + "value": "jakarta.xml.parsers.DocumentBuilder.parse(java.io.InputStream,java.lang.String)" }, { "command": "", @@ -13287,9 +14522,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -13297,7 +14532,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String,org.apache.xml.utils.PrefixResolver)" + "value": "jakarta.xml.parsers.DocumentBuilder.parse(java.lang.String)" }, { "command": "", @@ -13305,9 +14540,9 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, - "source": "P2", + "source": "P1", "stack_blacklist": [], "system_type": 1, "tags": [], @@ -13315,7 +14550,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)" + "value": "jakarta.xml.parsers.DocumentBuilder.parse(org.xml.sax.InputSource)" }, { "command": "", @@ -13323,7 +14558,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -13333,7 +14568,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.xpath.jaxp.XPathImpl.compile(java.lang.String)" + "value": "jakarta.xml.parsers.SAXParser.parse(java.io.InputStream,org.xml.sax.HandlerBase)" }, { "command": "", @@ -13341,7 +14576,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], 
@@ -13351,7 +14586,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.xpath.jaxp.XPathImpl.eval(java.lang.String,java.lang.Object)" + "value": "jakarta.xml.parsers.SAXParser.parse(java.io.InputStream,org.xml.sax.HandlerBase,java.lang.String)" }, { "command": "", @@ -13359,7 +14594,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -13369,7 +14604,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object)" + "value": "jakarta.xml.parsers.SAXParser.parse(java.io.InputStream,org.xml.sax.helpers.DefaultHandler)" }, { "command": "", @@ -13377,7 +14612,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -13387,7 +14622,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" + "value": "jakarta.xml.parsers.SAXParser.parse(java.io.InputStream,org.xml.sax.helpers.DefaultHandler,java.lang.String)" }, { "command": "", @@ -13395,7 +14630,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], @@ -13405,7 +14640,7 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource)" + "value": "jakarta.xml.parsers.SAXParser.parse(org.xml.sax.InputSource,org.xml.sax.HandlerBase)" }, { "command": "", @@ -13413,7 +14648,7 @@ "enable": 1, "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "language": 1, "source": "P1", "stack_blacklist": [], 
@@ -13423,15 +14658,8 @@ "track": "true", "type": 4, "untags": [], - "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)" - } - ], - "enable": 1, - "type": 4, - "value": "xpath-injection" - }, - { - "details": [ + "value": "jakarta.xml.parsers.SAXParser.parse(org.xml.sax.InputSource,org.xml.sax.helpers.DefaultHandler)" + }, { "command": "", "created_by": 1, @@ -13567,7 +14795,9 @@ "inherit": "true", "language": 1, "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "org.eclipse.persistence.jaxb.rs.MOXyJsonProvider.readFrom" + ], "system_type": 1, "tags": [], "target": "", @@ -13935,24 +15165,6 @@ "type": 4, "untags": [], "value": "nu.xom.Builder.build(java.lang.String)" - }, - { - "command": "", - "created_by": 1, - "enable": 1, - "ignore_blacklist": false, - "ignore_internal": false, - "inherit": "true", - "language": 1, - "source": "P1", - "stack_blacklist": [], - "system_type": 1, - "tags": [], - "target": "", - "track": "true", - "type": 4, - "untags": [], - "value": "org.xml.sax.XMLReader.parse(org.xml.sax.InputSource)" } ], "enable": 1, @@ -14085,7 +15297,9 @@ "inherit": "all", "language": 1, "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "a" + ], "system_type": 1, "tags": [], "target": "", diff --git a/static/data/java_policy.json b/static/data/java_policy.json index ac31bda32..53ebe56a9 100644 --- a/static/data/java_policy.json +++ b/static/data/java_policy.json @@ -321,6 +321,19 @@ }, { "details": [ + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.naming.Context.lookup(java.lang.String)" + }, { "command": "", "ignore_blacklist": false, 
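Review bot: The hunk at `-14085,7 +15297,9` replaces an empty `stack_blacklist` with the single entry `"a"`, which looks like a leftover test value. If blacklist entries are compared against stack frames by substring or prefix, a one-letter entry would match nearly every call stack and silently switch the rule off, so detections for this sink would stop without any error. The rule's `value` lies outside the hunk, so which sink is affected cannot be told from here. Unless a real frame name was intended, restore `"stack_blacklist": [],`.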
@@ -1375,6 +1388,30 @@ "type": 1, "value": "String" }, + { + "details": [ + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [ + "xml-encoded" + ], + "target": "R", + "track": "false", + "untags": [ + "xml-decoded" + ], + "value": "org.thymeleaf.util.DOMUtils.escapeXml(char[], boolean)" + } + ], + "enable": 1, + "type": 1, + "value": "String" + }, { "details": [ { @@ -2956,6 +2993,32 @@ }, { "details": [ + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.awt.Desktop.browse(java.net.URI)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.lang.ProcessImpl.start(java.lang.String[],java.util.Map,java.lang.String,boolean)" + }, { "command": "", "ignore_blacklist": false, @@ -3439,10 +3502,14 @@ "ignore_internal": false, "inherit": "false", "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "com.ibm.ejs.util.am._Alarm.run", + "com.ibm.crypto.provider.PKCS12KeyStore.engineLoad", + "util.StateUtils.encrypt" + ], "tags": [], "target": "", - "track": "false", + "track": "true", "untags": [], "value": "javax.crypto.Cipher.getInstance(java.lang.String)" }, @@ -3465,10 +3532,12 @@ "ignore_internal": false, "inherit": "false", "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "com.ca.siteminder" + ], "tags": [], "target": "", - "track": "false", + "track": "true", "untags": [], "value": "javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider)" } 
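Review bot: The signature `org.thymeleaf.util.DOMUtils.escapeXml(char[], boolean)` added in the `-1375,6 +1388,30` hunk has a space after the comma, unlike every other `value` in this file (for example `javax.crypto.Cipher.getInstance(java.lang.String,java.security.Provider)`). If the agent compares signatures as exact strings this rule never fires, and the copy of the entry in java_full_policy.json has the same spacing; write it as `org.thymeleaf.util.DOMUtils.escapeXml(char[],boolean)`. Separately, the rule tags the result `xml-encoded` regardless of the boolean argument, which in Thymeleaf appears to control whether quotes are escaped. It is worth confirming that a call with that flag off should still count as encoded when the value ends up in an attribute.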
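Review bot: The added sink `java.lang.ProcessImpl.start(java.lang.String[],java.util.Map,java.lang.String,boolean)` in the `-2956,6 +2993,32` hunk describes the four-argument form; as far as I recall, since Java 7 this method also takes a `java.lang.ProcessBuilder.Redirect[]` argument before the boolean. On current JDKs the entry would then not match, and process launches would only be caught by whatever other sinks this group already lists. Consider adding a second entry with the five-argument signature, spelled in whatever form the agent uses for nested classes, and keeping this one for older runtimes.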
@@ -3485,10 +3554,43 @@ "ignore_internal": false, "inherit": "false", "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "com.mysql.jdbc", + "org.skife.jdbi.v2.Query", + "com.amazonaws.services.s3.AmazonS3Client.putObject", + "com.ibm.crypto.provider.PKCS12KeyStore.engineLoad", + "com.ibm.ws.security.ltpa.LTPAToken2.getBytes", + "com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake", + "com.jcraft.jsch.Session.connect", + "com.microsoft.sqlserver.jdbc.TDSChannel.enableSS", + "com.newrelic.agent", + "com.compuware.apm.agent", + "asset.pipeline.AssetPipeline.serveUncompiledAsset", + "controllers.AssetsBuilder", + "JITCompiler", + "java.security.SecureRandom", + "java.util.jar.JarVerifier", + "javax.crypto.JarVerifier", + "jakarta.crypto.JarVerifier", + "maybeNotModified", + "oracle.jdbc.driver", + "java.security.Signature.initVerify", + "oracle.jdbc.xa.client.OracleXADataSource.getXAConnection", + "org.eclipse.jetty.io.ssl.SslConnection", + "org.springframework.web.client.RestTemplate", + "org.thymeleaf.spring4.view.ThymeleafView.render", + "play.api.libs.Codecs$", + "play.api.mvc.CookieBaker", + "play.router.RoutesCompiler", + "play.PlaySourceGenerators", + "sbt.compiler", + "sbt.inc.Stamp", + "org.jets3t.service.utils.ServiceUtils.signWithHmacSha1", + "org.jboss.resteasy.spi.ResteasyDeployment.start" + ], "tags": [], "target": "", - "track": "false", + "track": "true", "untags": [], "value": "java.security.MessageDigest.getInstance(java.lang.String)" }, @@ -3498,10 +3600,14 @@ "ignore_internal": false, "inherit": "false", "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "java.security.SecureRandom", + "java.util.jar.JarVerifier", + "com.microsoft.sqlserver.jdbc.TDSChannel.enableSS" + ], "tags": [], "target": "", - "track": "false", + "track": "true", "untags": [], "value": "java.security.MessageDigest.getInstance(java.lang.String,java.lang.String)" }, 
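Review bot: Several `stack_blacklist` entries added for `java.security.MessageDigest.getInstance(java.lang.String)` are bare fragments rather than qualified frames, for example `"JITCompiler"`, `"maybeNotModified"` and `"controllers.AssetsBuilder"`; a later hunk adds `"getRandomSample"` and `"NullSafeConcurrentHashMap"` in the same way. Because the same hunks turn `track` from `"false"` to `"true"`, these lists now decide which findings for these calls are reported and which are dropped. If matching is by substring, any application class or method whose name contains one of these fragments would suppress the finding for its whole call stack. Prefer fully qualified `package.Class.method` entries, and keep a short note in the commit description of which false positive each broad prefix such as `"com.mysql.jdbc"` is meant to silence.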
@@ -3511,10 +3617,13 @@ "ignore_internal": false, "inherit": "false", "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "java.security.SecureRandom", + "java.util.jar.JarVerifier" + ], "tags": [], "target": "", - "track": "false", + "track": "true", "untags": [], "value": "java.security.MessageDigest.getInstance(java.lang.String,java.security.Provider)" } @@ -3569,11 +3678,13 @@ "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "", - "stack_blacklist": [], + "source": "O", + "stack_blacklist": [ + "weblogic.work.IncrementAdvisor.run" + ], "tags": [], "target": "", - "track": "false", + "track": "true", "untags": [], "value": "java.util.Random.nextFloat()" }, @@ -3595,11 +3706,14 @@ "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "", - "stack_blacklist": [], + "source": "O", + "stack_blacklist": [ + "com.google.gson.JsonObject", + "java.util.Hashtable" + ], "tags": [], "target": "", - "track": "false", + "track": "true", "untags": [], "value": "java.util.Random.nextInt()" }, @@ -3609,7 +3723,15 @@ "ignore_internal": false, "inherit": "false", "source": "O", - "stack_blacklist": [], + "stack_blacklist": [ + "getRandomSample", + "java.util.Hashtable", + "NullSafeConcurrentHashMap", + "org.apache.tomcat.websocket.WsWebSocketContainer.generateWsKeyValue", + "org.quartz.core.QuartzSchedulerThread.getRandomizedIdleWaitTime", + "SelectableConcurrentHashMap", + "net.bytebuddy.utility.RandomString.nextString" + ], "tags": [], "target": "", "track": "true", @@ -3765,7 +3887,7 @@ "target": "", "track": "true", "untags": [], - "value": "javax.servlet.jsp.el.ExpressionEvaluator.evaluate(java.lang.String,java.lang.Class,javax.servlet.jsp.el.VariableResolver,javax.servlet.jsp.el.FunctionMapper)" + "value": "jakarta.el.ELProcessor.eval(java.lang.String)" }, { "command": "", 
@@ -3778,7 +3900,7 @@ "target": "", "track": "true", "untags": [], - "value": "ognl.Ognl.getValue(java.lang.Object,java.lang.Object)" + "value": "jakarta.el.ELProcessor.getValue(java.lang.String,java.lang.Class)" }, { "command": "", @@ -3791,46 +3913,46 @@ "target": "", "track": "true", "untags": [], - "value": "ognl.Ognl.getValue(java.lang.Object,java.lang.Object,java.lang.Class)" + "value": "jakarta.el.ELProcessor.setValue(java.lang.String,java.lang.Object))" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "all", - "source": "P1", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "ognl.Ognl.getValue(java.lang.Object,java.util.Map,java.lang.Object)" + "value": "jakarta.el.ELProcessor.setVariable(java.lang.String,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "all", - "source": "P1", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "ognl.Ognl.getValue(java.lang.Object,java.util.Map,java.lang.Object,java.lang.Class)" + "value": "jakarta.el.ExpressionFactory.createMethodExpression(jakarta.el.ELContext,java.lang.String,java.lang.Class,java.lang.Class[])" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "all", - "source": "P1", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "ognl.Ognl.getValue(java.lang.String,java.lang.Object)" + "value": "jakarta.el.ExpressionFactory.createValueExpression(jakarta.el.ELContext,java.lang.String,java.lang.Class)" }, { "command": "", 
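Review bot: The value `jakarta.el.ELProcessor.setValue(java.lang.String,java.lang.Object))` in the `-3791,46 +3913,46` hunk ends with two closing parentheses, so it cannot equal any real method signature and this expression-evaluation sink would presumably never be hooked for Jakarta EL. The `javax.el` counterpart added further down is spelled correctly. The line should read `"value": "jakarta.el.ELProcessor.setValue(java.lang.String,java.lang.Object)"`.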
@@ -3843,7 +3965,7 @@ "target": "", "track": "true", "untags": [], - "value": "ognl.Ognl.getValue(java.lang.String,java.lang.Object,java.lang.Class)" + "value": "jakarta.servlet.jsp.el.ExpressionEvaluator.evaluate(java.lang.String,java.lang.Class,jakarta.servlet.jsp.el.VariableResolver,jakarta.servlet.jsp.el.FunctionMapper)" }, { "command": "", @@ -3856,7 +3978,7 @@ "target": "", "track": "true", "untags": [], - "value": "ognl.Ognl.getValue(java.lang.String,java.util.Map,java.lang.Object)" + "value": "javax.el.ELProcessor.eval(java.lang.String)" }, { "command": "", @@ -3869,7 +3991,7 @@ "target": "", "track": "true", "untags": [], - "value": "ognl.Ognl.getValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Class)" + "value": "javax.el.ELProcessor.getValue(java.lang.String,java.lang.Class)" }, { "command": "", 
@@ -3882,196 +4004,189 @@ "target": "", "track": "true", "untags": [], - "value": "org.apache.commons.ognl.Ognl.parseExpression(java.lang.String)" + "value": "javax.el.ELProcessor.setValue(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.springframework.expression.Expression.getValue()" + "value": "javax.el.ELProcessor.setVariable(java.lang.String,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.springframework.expression.Expression.getValue(java.lang.Class)" + "value": "javax.el.ExpressionFactory.createMethodExpression(javax.el.ELContext,java.lang.String,java.lang.Class,java.lang.Class[])" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.springframework.expression.Expression.getValue(java.lang.Object)" + "value": "javax.el.ExpressionFactory.createValueExpression(javax.el.ELContext,java.lang.String,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.springframework.expression.Expression.getValue(java.lang.Object,java.lang.Class)" + "value": "javax.servlet.jsp.el.ExpressionEvaluator.evaluate(java.lang.String,java.lang.Class,javax.servlet.jsp.el.VariableResolver,javax.servlet.jsp.el.FunctionMapper)" }, { "command": "", 
"ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext)" + "value": "ognl.Ognl.getValue(java.lang.Object,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Class)" + "value": "ognl.Ognl.getValue(java.lang.Object,java.lang.Object,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Object)" + "value": "ognl.Ognl.getValue(java.lang.Object,java.util.Map,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Object,java.lang.Class)" + "value": "ognl.Ognl.getValue(java.lang.Object,java.util.Map,java.lang.Object,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": 
"org.springframework.expression.Expression.getValueTypeDescriptor()" + "value": "ognl.Ognl.getValue(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.springframework.expression.Expression.getValueTypeDescriptor(java.lang.Object)" + "value": "ognl.Ognl.getValue(java.lang.String,java.lang.Object,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.springframework.expression.Expression.getValueTypeDescriptor(org.springframework.expression.EvaluationContext)" + "value": "ognl.Ognl.getValue(java.lang.String,java.util.Map,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.springframework.expression.Expression.getValueTypeDescriptor(org.springframework.expression.EvaluationContext,java.lang.Object)" + "value": "ognl.Ognl.getValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P2", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.thymeleaf.standard.expression.IStandardExpressionParser.parseExpression(org.thymeleaf.context.IExpressionContext,java.lang.String)" - } - ], - "enable": 1, - "type": 4, - "value": "expression-language-injection" - }, - { - "details": [ + "value": "ognl.Ognl.parseExpression(java.lang.String)" + }, { 
"command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "org.apache.commons.fileupload.FileItem.getName()" + "value": "org.apache.commons.ognl.Ognl.parseExpression(java.lang.String)" }, { "command": "", @@ -4081,10 +4196,10 @@ "source": "O", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "org.springframework.web.multipart.MultipartFile.getName()" + "value": "org.springframework.expression.Expression.getValue()" }, { "command": "", 
@@ -4094,212 +4209,232 @@ "source": "O", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "org.springframework.web.multipart.MultipartFile.getOriginalFilename()" - } - ], - "enable": 1, - "type": 1, - "value": "fileupload" - }, - { - "details": [ + "value": "org.springframework.expression.Expression.getValue(java.lang.Class)" + }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P2", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.createFilter(java.lang.Object,java.lang.String)" + "value": "org.springframework.expression.Expression.getValue(java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.createQuery(java.lang.String)" + "value": "org.springframework.expression.Expression.getValue(java.lang.Object,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.createSQLQuery(java.lang.String)" + "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.createSQLQuery(java.lang.String,java.lang.String,java.lang.Class)" + "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Class)" }, { "command": 
"", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.createSQLQuery(java.lang.String,java.lang.String[],java.lang.Class[])" + "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.delete(java.lang.String)" + "value": "org.springframework.expression.Expression.getValue(org.springframework.expression.EvaluationContext,java.lang.Object,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.delete(java.lang.String,java.lang.Object,org.hibernate.type.Type)" + "value": "org.springframework.expression.Expression.getValueTypeDescriptor()" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.delete(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" + "value": "org.springframework.expression.Expression.getValueTypeDescriptor(java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P2", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String)" + "value": 
"org.springframework.expression.Expression.getValueTypeDescriptor(org.springframework.expression.EvaluationContext)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P2", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String,java.lang.Object,org.hibernate.type.Type)" + "value": "org.springframework.expression.Expression.getValueTypeDescriptor(org.springframework.expression.EvaluationContext,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P2", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" + "value": "org.thymeleaf.standard.expression.Expression.parse(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.find(java.lang.String)" - }, + "value": "org.thymeleaf.standard.expression.IStandardExpressionParser.parseExpression(org.thymeleaf.context.IExpressionContext,java.lang.String)" + } + ], + "enable": 1, + "type": 4, + "value": "expression-language-injection" + }, + { + "details": [ { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], - "target": "", - "track": "true", + "target": "R", + "track": "false", "untags": [], - "value": "org.hibernate.Session.find(java.lang.String,java.lang.Object,org.hibernate.type.Type)" + "value": "org.apache.commons.fileupload.FileItem.getName()" }, { "command": "", "ignore_blacklist": false, 
"ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], - "target": "", - "track": "true", + "target": "R", + "track": "false", "untags": [], - "value": "org.hibernate.Session.find(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" + "value": "org.springframework.web.multipart.MultipartFile.getName()" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "O", + "stack_blacklist": [], + "tags": [], + "target": "R", + "track": "false", + "untags": [], + "value": "org.springframework.web.multipart.MultipartFile.getOriginalFilename()" + } + ], + "enable": 1, + "type": 1, + "value": "fileupload" + }, + { + "details": [ + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.iterate(java.lang.String)" + "value": "org.hibernate.Session.createFilter(java.lang.Object,java.lang.String)" }, { "command": "", @@ -4312,7 +4447,7 @@ "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.iterate(java.lang.String,java.lang.Object,org.hibernate.type.Type)" + "value": "org.hibernate.Session.createQuery(java.lang.String)" }, { "command": "", @@ -4325,7 +4460,7 @@ "target": "", "track": "true", "untags": [], - "value": "org.hibernate.Session.iterate(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" + "value": "org.hibernate.Session.createSQLQuery(java.lang.String)" }, { "command": "", @@ -4338,7 +4473,7 @@ "target": "", "track": "true", "untags": [], - "value": "org.hibernate.SharedSessionContract.createQuery(java.lang.String)" + "value": "org.hibernate.Session.createSQLQuery(java.lang.String,java.lang.String,java.lang.Class)" }, { "command": "", 
@@ -4351,317 +4486,303 @@ "target": "", "track": "true", "untags": [], - "value": "org.hibernate.SharedSessionContract.createSQLQuery(java.lang.String)" - } - ], - "enable": 1, - "type": 4, - "value": "hql-injection" - }, - { - "details": [ + "value": "org.hibernate.Session.createSQLQuery(java.lang.String,java.lang.String[],java.lang.Class[])" + }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "org.apache.http.entity.ByteArrayEntity.(byte[],int,int,org.apache.http.entity.ContentType)" + "value": "org.hibernate.Session.delete(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "org.apache.http.entity.ByteArrayEntity.(byte[],org.apache.http.entity.ContentType)" + "value": "org.hibernate.Session.delete(java.lang.String,java.lang.Object,org.hibernate.type.Type)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "org.apache.http.entity.InputStreamEntity.(java.io.InputStream,long,org.apache.http.entity.ContentType)" + "value": "org.hibernate.Session.delete(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "P1", + "inherit": "true", + "source": "P2", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": 
"org.apache.http.entity.StringEntity.(java.lang.String,java.lang.String,java.lang.String)" + "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "P1", + "inherit": "true", + "source": "P2", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "org.apache.http.entity.StringEntity.(java.lang.String,org.apache.http.entity.ContentType)" - } - ], - "enable": 1, - "type": 1, - "value": "httpclient" - }, - { - "details": [ + "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String,java.lang.Object,org.hibernate.type.Type)" + }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "P1", + "inherit": "true", + "source": "P2", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "org.apache.hc.core5.http.io.entity.ByteArrayEntity.(byte[],int,int,org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" + "value": "org.hibernate.Session.filter(java.lang.Object,java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "org.apache.hc.core5.http.io.entity.ByteArrayEntity.(byte[],org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" + "value": "org.hibernate.Session.find(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": 
"org.apache.hc.core5.http.io.entity.InputStreamEntity.(java.io.InputStream,long,org.apache.hc.core5.http.ContentType,java.lang.String)" + "value": "org.hibernate.Session.find(java.lang.String,java.lang.Object,org.hibernate.type.Type)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "org.apache.hc.core5.http.io.entity.StringEntity.(java.lang.String,org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" - } - ], - "enable": 1, - "type": 1, - "value": "httpclient5" - }, - { - "details": [ + "value": "org.hibernate.Session.find(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" + }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "java.io.BufferedReader.(java.io.FileReader)" + "value": "org.hibernate.Session.iterate(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "java.io.BufferedReader.(java.io.InputStreamReader)" + "value": "org.hibernate.Session.iterate(java.lang.String,java.lang.Object,org.hibernate.type.Type)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "java.io.BufferedReader.(java.io.Reader)" + "value": 
"org.hibernate.Session.iterate(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "java.io.BufferedReader.(java.io.Reader,int)" + "value": "org.hibernate.SharedSessionContract.createQuery(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "O", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "java.io.BufferedReader.readLine()" + "value": "org.hibernate.SharedSessionContract.createSQLQuery(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "java.io.ByteArrayInputStream.(byte[])" + "value": "org.hibernate.criterion.Expression.sql(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "java.io.ByteArrayInputStream.(byte[],int,int)" + "value": "org.hibernate.criterion.Expression.sql(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" }, { - "command": "REMOVE()", + "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "O", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": 
"java.io.ByteArrayOutputStream.reset()" + "value": "org.hibernate.criterion.Restrictions.sqlRestriction(java.lang.String)" }, { - "command": "KEEP()", + "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "O", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "java.io.ByteArrayOutputStream.toByteArray()" + "value": "org.hibernate.criterion.Restrictions.sqlRestriction(java.lang.String,java.lang.Object,org.hibernate.type.Type)" }, { - "command": "KEEP()", + "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "O", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "java.io.ByteArrayOutputStream.toString()" + "value": "org.hibernate.criterion.Restrictions.sqlRestriction(java.lang.String,java.lang.Object[],org.hibernate.type.Type[])" }, { - "command": "KEEP()", + "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "O", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "java.io.ByteArrayOutputStream.toString(int)" + "value": "org.hibernate.query.QueryProducer.createNativeQuery(java.lang.String)" }, { - "command": "KEEP()", + "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "O", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "java.io.ByteArrayOutputStream.toString(java.lang.String)" + "value": "org.hibernate.query.QueryProducer.createNativeQuery(java.lang.String,java.lang.Class)" }, { - 
"command": "KEEP()", + "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "O", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "java.io.ByteArrayOutputStream.toString(java.nio.charset.Charset)" - }, + "value": "org.hibernate.query.QueryProducer.createNativeQuery(java.lang.String,java.lang.String)" + } + ], + "enable": 1, + "type": 4, + "value": "hql-injection" + }, + { + "details": [ { - "command": "APPEND(P2,P3)", + "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", @@ -4669,9 +4790,9 @@ "stack_blacklist": [], "tags": [], "target": "O", - "track": "", + "track": "false", "untags": [], - "value": "java.io.ByteArrayOutputStream.write(byte[],int,int)" + "value": "org.apache.http.entity.ByteArrayEntity.(byte[],int,int,org.apache.http.entity.ContentType)" }, { "command": "", @@ -4682,12 +4803,12 @@ "stack_blacklist": [], "tags": [], "target": "O", - "track": "", + "track": "false", "untags": [], - "value": "java.io.CharArrayReader.(char[])" + "value": "org.apache.http.entity.ByteArrayEntity.(byte[],org.apache.http.entity.ContentType)" }, { - "command": "INSERT(0,P2,P3)", + "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", 
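Review bot: At the end of the `hql-injection` group the new `QueryProducer.createNativeQuery` sinks cover the `(String)`, `(String,Class)` and `(String,String)` overloads, but the HQL entry points are still hooked only as one-argument `createQuery(java.lang.String)` on `Session` and `SharedSessionContract`. Hibernate 5.2 and later also declare `createQuery(String, Class)`, so concatenated HQL passed through the typed overload would not reach a sink unless a group outside this hunk lists it. I would add an entry with `"value": "org.hibernate.query.QueryProducer.createQuery(java.lang.String,java.lang.Class)"`, reusing `"source": "P1"`, `"inherit": "true"` and `"track": "true"` from the neighbouring entries.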
@@ -4695,22 +4816,22 @@ "stack_blacklist": [], "tags": [], "target": "O", - "track": "", + "track": "false", "untags": [], - "value": "java.io.CharArrayReader.(char[],int,int)" + "value": "org.apache.http.entity.InputStreamEntity.(java.io.InputStream,long,org.apache.http.entity.ContentType)" }, { - "command": "INSERT(0,P2,P3)", + "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "O", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "P1", - "track": "", + "target": "O", + "track": "false", "untags": [], - "value": "java.io.CharArrayReader.read(char[],int,int)" + "value": "org.apache.http.entity.StringEntity.(java.lang.String,java.lang.String,java.lang.String)" }, { "command": "", @@ -4721,10 +4842,17 @@ "stack_blacklist": [], "tags": [], "target": "O", - "track": "", + "track": "false", "untags": [], - "value": "java.io.FileInputStream.(java.io.File)" - }, + "value": "org.apache.http.entity.StringEntity.(java.lang.String,org.apache.http.entity.ContentType)" + } + ], + "enable": 1, + "type": 1, + "value": "httpclient" + }, + { + "details": [ { "command": "", "ignore_blacklist": false, @@ -4734,9 +4862,9 @@ "stack_blacklist": [], "tags": [], "target": "O", - "track": "", + "track": "false", "untags": [], - "value": "java.io.FileInputStream.(java.lang.String)" + "value": "org.apache.hc.core5.http.io.entity.ByteArrayEntity.(byte[],int,int,org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" }, { "command": "", @@ -4747,9 +4875,9 @@ "stack_blacklist": [], "tags": [], "target": "O", - "track": "", + "track": "false", "untags": [], - "value": "java.io.FileReader.(java.io.File)" + "value": "org.apache.hc.core5.http.io.entity.ByteArrayEntity.(byte[],org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" }, { "command": "", 
@@ -4760,23 +4888,30 @@ "stack_blacklist": [], "tags": [], "target": "O", - "track": "", + "track": "false", "untags": [], - "value": "java.io.InputStream.(java.io.InputStream)" + "value": "org.apache.hc.core5.http.io.entity.InputStreamEntity.(java.io.InputStream,long,org.apache.hc.core5.http.ContentType,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "O", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "P1", - "track": "", + "target": "O", + "track": "false", "untags": [], - "value": "java.io.InputStream.read(byte[],int,int)" - }, + "value": "org.apache.hc.core5.http.io.entity.StringEntity.(java.lang.String,org.apache.hc.core5.http.ContentType,java.lang.String,boolean)" + } + ], + "enable": 1, + "type": 1, + "value": "httpclient5" + }, + { + "details": [ { "command": "", "ignore_blacklist": false, @@ -4788,7 +4923,7 @@ "target": "O", "track": "", "untags": [], - "value": "java.io.InputStreamReader.(java.io.InputStream)" + "value": "java.io.BufferedReader.(java.io.InputStreamReader)" }, { "command": "", 
@@ -4801,36 +4936,36 @@ "target": "O", "track": "", "untags": [], - "value": "java.io.InputStreamReader.(java.io.InputStream,java.nio.charset.Charset)" + "value": "java.io.BufferedReader.(java.io.Reader)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "O", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "P1", + "target": "O", "track": "", "untags": [], - "value": "java.io.InputStreamReader.read(char[],int,int)" + "value": "java.io.BufferedReader.(java.io.Reader,int)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", - "source": "P1", + "inherit": "false", + "source": "O", "stack_blacklist": [], "tags": [], - "target": "O", + "target": "R", "track": "", "untags": [], - "value": "java.io.ObjectInputStream.(java.io.InputStream)" + "value": "java.io.BufferedReader.readLine()" }, { - "command": "INSERT(0,P2,P3)", + "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", @@ -4838,12 +4973,12 @@ "stack_blacklist": [], "tags": [], "target": "O", - "track": "false", + "track": "", "untags": [], - "value": "java.io.PipedInputStream.read(byte[],int,int)" + "value": "java.io.ByteArrayInputStream.(byte[])" }, { - "command": "INSERT(0,P2,P3)", + "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", 
@@ -4851,48 +4986,48 @@ "stack_blacklist": [], "tags": [], "target": "O", - "track": "false", + "track": "", "untags": [], - "value": "java.io.PipedReader.read(char[],int,int)" + "value": "java.io.ByteArrayInputStream.(byte[],int,int)" }, { - "command": "", + "command": "REMOVE()", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], "target": "O", "track": "", "untags": [], - "value": "java.io.PushbackInputStream.(java.io.InputStream,int)" + "value": "java.io.ByteArrayOutputStream.reset()" }, { - "command": "", + "command": "KEEP()", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", "source": "O", "stack_blacklist": [], "tags": [], - "target": "P1", + "target": "R", "track": "false", "untags": [], - "value": "java.io.PushbackInputStream.read(byte[],int,int)" + "value": "java.io.ByteArrayOutputStream.toByteArray()" }, { - "command": "", + "command": "KEEP()", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "R", + "track": "false", "untags": [], - "value": "java.io.StringReader.(java.lang.String)" + "value": "java.io.ByteArrayOutputStream.toString()" }, { "command": "KEEP()", 
@@ -4905,33 +5040,33 @@ "target": "R", "track": "false", "untags": [], - "value": "java.io.StringWriter.toString()" + "value": "java.io.ByteArrayOutputStream.toString(int)" }, { - "command": "APPEND(P2,P3)", + "command": "KEEP()", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], - "target": "O", + "target": "R", "track": "false", "untags": [], - "value": "java.io.StringWriter.write(char[],int,int)" + "value": "java.io.ByteArrayOutputStream.toString(java.lang.String)" }, { - "command": "APPEND()", + "command": "KEEP()", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "P1", + "source": "O", "stack_blacklist": [], "tags": [], - "target": "O", + "target": "R", "track": "false", "untags": [], - "value": "java.io.StringWriter.write(java.lang.String)" + "value": "java.io.ByteArrayOutputStream.toString(java.nio.charset.Charset)" }, { "command": "APPEND(P2,P3)", @@ -4942,9 +5077,9 @@ "stack_blacklist": [], "tags": [], "target": "O", - "track": "false", + "track": "", "untags": [], - "value": "java.io.StringWriter.write(java.lang.String,int,int)" + "value": "java.io.ByteArrayOutputStream.write(byte[],int,int)" }, { "command": "", 
@@ -4957,36 +5092,36 @@ "target": "O", "track": "", "untags": [], - "value": "java.net.Socket.(java.lang.String,int)" + "value": "java.io.CharArrayReader.(char[])" }, { - "command": "", + "command": "INSERT(0,P2,P3)", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "O", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", + "target": "O", "track": "", "untags": [], - "value": "java.net.Socket.getOutputStream()" + "value": "java.io.CharArrayReader.(char[],int,int)" }, { - "command": "REMOVE()", + "command": "INSERT(0,P2,P3)", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", "source": "O", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "false", + "target": "P1", + "track": "", "untags": [], - "value": "org.apache.commons.io.output.ByteArrayOutputStream.reset()" + "value": "java.io.CharArrayReader.read(char[],int,int)" }, { - "command": "APPEND(P2,P3)", + "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", 
@@ -4994,107 +5129,302 @@ "stack_blacklist": [], "tags": [], "target": "O", - "track": "false", + "track": "", "untags": [], - "value": "org.apache.commons.io.output.ByteArrayOutputStream.write(byte[],int,int)" - } - ], - "enable": 1, - "type": 1, - "value": "io" - }, - { - "details": [ + "value": "java.io.FileInputStream.(java.io.File)" + }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "O", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", + "target": "O", "track": "", "untags": [], - "value": "javax.xml.bind.JAXBElement.getValue()" + "value": "java.io.FileInputStream.(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", + "target": "O", "track": "", "untags": [], - "value": "javax.xml.bind.Unmarshaller.unmarshal(java.io.InputStream)" + "value": "java.io.FileReader.(java.io.File)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", + "target": "O", "track": "", "untags": [], - "value": "javax.xml.bind.Unmarshaller.unmarshal(java.io.Reader)" + "value": "java.io.InputStream.(java.io.InputStream)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "false", + "source": "O", "stack_blacklist": [], "tags": [], - "target": "R", + "target": "P1", "track": "", "untags": [], - "value": "javax.xml.bind.Unmarshaller.unmarshal(javax.xml.transform.Source)" + "value": "java.io.InputStream.read(byte[],int,int)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "R", + "target": "O", "track": "", "untags": [], - "value": 
"javax.xml.bind.Unmarshaller.unmarshal(javax.xml.transform.Source,java.lang.Class)" + "value": "java.io.InputStreamReader.(java.io.InputStream)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "O", + "track": "", + "untags": [], + "value": "java.io.InputStreamReader.(java.io.InputStream,java.nio.charset.Charset)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "O", + "stack_blacklist": [], + "tags": [], + "target": "P1", + "track": "", + "untags": [], + "value": "java.io.InputStreamReader.read(char[],int,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "all", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "O", + "track": "", + "untags": [], + "value": "java.io.ObjectInputStream.(java.io.InputStream)" + }, + { + "command": "INSERT(0,P2,P3)", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "O", + "track": "false", + "untags": [], + "value": "java.io.PipedInputStream.read(byte[],int,int)" + }, + { + "command": "INSERT(0,P2,P3)", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "O", + "track": "false", + "untags": [], + "value": "java.io.PipedReader.read(char[],int,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "O", + "track": "", + "untags": [], + "value": "java.io.PushbackInputStream.(java.io.InputStream,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "O", + "stack_blacklist": [], + "tags": 
[], + "target": "P1", + "track": "false", + "untags": [], + "value": "java.io.PushbackInputStream.read(byte[],int,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], + "target": "O", + "track": "", + "untags": [], + "value": "java.io.StringReader.(java.lang.String)" + }, + { + "command": "KEEP()", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "O", + "stack_blacklist": [], + "tags": [], "target": "R", + "track": "false", + "untags": [], + "value": "java.io.StringWriter.toString()" + }, + { + "command": "APPEND(P2,P3)", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "O", + "track": "false", + "untags": [], + "value": "java.io.StringWriter.write(char[],int,int)" + }, + { + "command": "APPEND()", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "O", + "track": "false", + "untags": [], + "value": "java.io.StringWriter.write(java.lang.String)" + }, + { + "command": "APPEND(P2,P3)", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "O", + "track": "false", + "untags": [], + "value": "java.io.StringWriter.write(java.lang.String,int,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "O", "track": "", "untags": [], - "value": "javax.xml.bind.Unmarshaller.unmarshal(org.xml.sax.InputSource)" + "value": "java.net.Socket.(java.lang.String,int)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", + "source": "O", + "stack_blacklist": [], + 
"tags": [], + "target": "R", + "track": "", + "untags": [], + "value": "java.net.Socket.getOutputStream()" + }, + { + "command": "REMOVE()", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "O", + "stack_blacklist": [], + "tags": [], + "target": "O", + "track": "false", + "untags": [], + "value": "org.apache.commons.io.output.ByteArrayOutputStream.reset()" + }, + { + "command": "APPEND(P2,P3)", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], + "target": "O", + "track": "false", + "untags": [], + "value": "org.apache.commons.io.output.ByteArrayOutputStream.write(byte[],int,int)" + } + ], + "enable": 1, + "type": 1, + "value": "io" + }, + { + "details": [ + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "O", + "stack_blacklist": [], + "tags": [], "target": "R", "track": "", "untags": [], - "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.io.InputStream)" + "value": "javax.xml.bind.JAXBElement.getValue()" }, { "command": "", @@ -5107,7 +5437,7 @@ "target": "R", "track": "", "untags": [], - "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.io.InputStream,java.lang.String)" + "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.io.InputStream)" }, { "command": "", @@ -5120,7 +5450,7 @@ "target": "R", "track": "", "untags": [], - "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.io.Reader)" + "value": "javax.xml.stream.XMLInputFactory.createXMLStreamReader(java.io.InputStream,java.lang.String)" }, { "command": "", 
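Review bot: The five `javax.xml.bind.Unmarshaller.unmarshal(...)` propagator entries appear only on the removed side of this hunk: on the new side the group after `io` goes from `javax.xml.bind.JAXBElement.getValue()` straight to `XMLInputFactory.createXMLStreamReader(java.io.InputStream)`. If they were not moved to a group outside the visible part of the diff, taint entering through a JAXB unmarshal call stops propagating (the old entries mapped `"source": "P1"` to `"target": "R"`), and findings that depend on that path would no longer be reported. Either keep them, for example `"value": "javax.xml.bind.Unmarshaller.unmarshal(java.io.InputStream)"` with the old fields, or state in the commit description where they now live.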
@@ -6013,40 +6343,40 @@ "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.naming.directory.DirContext.search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)" + "value": "jakarta.naming.directory.DirContext.search(java.lang.String,java.lang.String,jakarta.naming.directory.SearchControls)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.naming.directory.DirContext.search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)" + "value": "jakarta.naming.directory.DirContext.search(java.lang.String,java.lang.String,java.lang.Object[],jakarta.naming.directory.SearchControls)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.naming.directory.InitialDirContext.search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)" + "value": "jakarta.naming.directory.InitialDirContext.search(java.lang.String,java.lang.String,jakarta.naming.directory.SearchControls)" }, { "command": "", 
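Review bot: The three `jakarta.naming.directory.*` signatures added at the top of this hunk will most likely never match a loaded class. JNDI ships with Java SE and, as far as I know, stayed in `javax.naming` when Jakarta EE renamed its own packages, so there is no `jakarta.naming.directory.DirContext` to hook. The entries do no harm at runtime, but they suggest LDAP coverage that is not there, and the set has no `InitialDirContext.search(...,java.lang.Object[],...)` counterpart. I would drop them, or confirm against a running application that the agent resolves them, and rely on the `javax.naming.directory` rules that hunk -6059 lists next. The same question applies to `jakarta.naming.Context.lookup(java.lang.String)`, added earlier in this patch.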
@@ -6059,32 +6389,71 @@ "target": "", "track": "true", "untags": [], - "value": "javax.naming.directory.InitialDirContext.search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)" - } - ], - "enable": 1, - "type": 4, - "value": "ldap-injection" - }, - { - "details": [ + "value": "javax.naming.directory.DirContext.search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)" + }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "all", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.mongodb.DB.doEval(java.lang.String,java.lang.Object[])" - } - ], - "enable": 1, - "type": 4, - "value": "nosql-injection" + "value": "javax.naming.directory.DirContext.search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "all", + "source": "P2", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "javax.naming.directory.InitialDirContext.search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "all", + "source": "P2", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "javax.naming.directory.InitialDirContext.search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)" + } + ], + "enable": 1, + "type": 4, + "value": "ldap-injection" + }, + { + "details": [ + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": 
"com.mongodb.DB.doEval(java.lang.String,java.lang.Object[])" + } + ], + "enable": 1, + "type": 4, + "value": "nosql-injection" }, { "details": [ @@ -6322,21 +6691,6 @@ "untags": [], "value": "org.springframework.web.bind.annotation.support.HandlerMethodInvoker.resolvePathVariable(java.lang.String,org.springframework.core.MethodParameter,org.springframework.web.context.request.NativeWebRequest,java.lang.Object)" }, - { - "command": "", - "ignore_blacklist": false, - "ignore_internal": false, - "inherit": "true", - "source": "P1", - "stack_blacklist": [], - "tags": [ - "cross-site" - ], - "target": "R", - "track": "false", - "untags": [], - "value": "org.springframework.web.method.support.HandlerMethodArgumentResolver.resolveArgument(org.springframework.core.MethodParameter,org.springframework.web.method.support.ModelAndViewContainer,org.springframework.web.context.request.NativeWebRequest,org.springframework.web.bind.support.WebDataBinderFactory)" - }, { "command": "", "ignore_blacklist": false, @@ -6351,21 +6705,6 @@ "track": "false", "untags": [], "value": "org.springframework.web.servlet.mvc.method.annotation.PathVariableMethodArgumentResolver.resolveName(java.lang.String,org.springframework.core.MethodParameter,org.springframework.web.context.request.NativeWebRequest)" - }, - { - "command": "", - "ignore_blacklist": false, - "ignore_internal": false, - "inherit": "false", - "source": "O", - "stack_blacklist": [], - "tags": [ - "cross-site" - ], - "target": "R", - "track": "false", - "untags": [], - "value": "org.springframework.web.util.pattern.PathPattern.getPatternString()" } ], "enable": 1, @@ -6996,7 +7335,10 @@ "ignore_internal": false, "inherit": "all", "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "org.owasp.esapi.reference.DefaultValidator.isValidDirectoryPath", + "org.owasp.esapi.reference.DefaultValidator.isValidFileName" + ], "tags": [], "target": "", "track": "true", 
@@ -7029,6 +7371,32 @@ "untags": [], "value": "java.io.File.(java.net.URI)" }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1&P2", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.io.File.createTempFile(java.lang.String,java.lang.String,java.io.File)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.io.FileInputStream.(java.lang.String)" + }, { "command": "", "ignore_blacklist": false, @@ -7081,7 +7449,10 @@ "ignore_internal": false, "inherit": "false", "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "org.springframework.web.util.UriComponentsBuilder.fromOriginHeader", + "org.springframework.web.util.UriComponentsBuilder.fromUriString" + ], "tags": [], "target": "", "track": "true", @@ -7465,7 +7836,9 @@ "ignore_internal": false, "inherit": "all", "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "OutSupport.writeEscapedXml" + ], "tags": [], "target": "", "track": "true", 
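Review bot: The new `java.io.File.createTempFile` rule writes its source as `P1&P2`, while other multi-parameter rules in this file use `P1,2`. The same patch uses `P1&P2` for the jakarta.mail rules (-7755), replaces `P1,2` with `P1&P2` on existing sinks (-7773, -7825, -7851), widens `P1` to `P1&P2` (-7890), and puts `jakarta.servlet.http.HttpSession.putValue` on `P1&P2` next to `setAttribute` on `P1,2` (-8481). If the engine reads `&` as "every listed parameter must be tainted", a sink such as `setHeader(name, value)` stops firing when only the value is attacker-influenced, which is the usual case for header injection. Please confirm the parser's semantics and settle on one spelling, e.g. `"source": "P1,2"` where either parameter should trigger. The list these two entries join starts outside the hunk, so their vulnerability category is not visible here.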
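Review bot: The `stack_blacklist` entry `OutSupport.writeEscapedXml` added in hunk -7465 has no package prefix, unlike the fully qualified frames added in the two neighbouring hunks (`org.owasp.esapi.reference.DefaultValidator.isValidFileName`, `org.springframework.web.util.UriComponentsBuilder.fromUriString`). Depending on how the agent compares stack frames, a bare class name either never matches or matches any class named `OutSupport`, including application code, which would silently suppress findings for this sink. I would write the fully qualified name of the intended class (presumably the JSTL `c:out` support class; confirm). The `value` line naming the rule this entry belongs to is outside the hunk.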
@@ -7755,6 +8128,149 @@ }, { "details": [ + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.mail.Message.setFrom(jakarta.mail.Address)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1&P2", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.mail.Message.setHeader(java.lang.String,java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P2", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.mail.Message.setRecipient(jakarta.mail.Message.RecipientType,jakarta.mail.Address)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.mail.Message.setSubject(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.mail.Part.setText(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1&P2", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.mail.internet.InternetHeaders.addHeader(java.lang.String,java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + 
"value": "jakarta.mail.internet.InternetHeaders.addHeaderLine(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1&P2", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.mail.internet.InternetHeaders.setHeader(java.lang.String,java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P2", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.mail.internet.MimeBodyPart.setText(jakarta.mail.internet.MimePart,java.lang.String,java.lang.String,java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P2", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.mail.internet.MimeMessage.setRecipients(jakarta.mail.Message.RecipientType,java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1&P2", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.mail.internet.MimeMessage.setSubject(java.lang.String,java.lang.String)" + }, { "command": "", "ignore_blacklist": false, @@ -7773,7 +8289,7 @@ "ignore_blacklist": false, "ignore_internal": false, "inherit": "all", - "source": "P1,2", + "source": "P1&P2", "stack_blacklist": [], "tags": [], "target": "", @@ -7825,7 +8341,7 @@ "ignore_blacklist": false, "ignore_internal": false, "inherit": "all", - "source": "P1,2", + "source": "P1&P2", "stack_blacklist": [], "tags": [], "target": "", @@ -7851,7 +8367,7 @@ "ignore_blacklist": false, "ignore_internal": false, "inherit": "all", - "source": "P1,2", + "source": "P1&P2", "stack_blacklist": [], "tags": [], "target": "", 
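Review bot: Every jakarta.mail rule added in hunk -7755 sets `"inherit": "true"`, while the existing rules shown as context in -7773, -7825 and -7851 use `"inherit": "all"`. If `true` means "subclasses only" in this policy format (confirm against the agent), calls made directly on concrete classes such as `jakarta.mail.internet.MimeMessage.setSubject(...)` or `jakarta.mail.internet.InternetHeaders.setHeader(...)` are not instrumented, so the Jakarta rules would cover less than the ones they mirror. The same mix appears on `java.io.FileInputStream` and `File.createTempFile` (-7029), on the `createNativeQuery` overloads (-8409), and on the four-argument `java.beans.XMLDecoder` constructor, which is `true` while its sibling overloads are `all` (-8937). Using `"inherit": "all"` for rules declared on concrete classes, constructors and static methods would keep the coverage aligned.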
@@ -7890,7 +8406,7 @@ "ignore_blacklist": false, "ignore_internal": false, "inherit": "all", - "source": "P1", + "source": "P1&P2", "stack_blacklist": [], "tags": [], "target": "", 
@@ -8409,71 +8925,457 @@ "inherit": "false", "source": "P1", "stack_blacklist": [], - "tags": [ - "base64-decoded" - ], - "target": "R", - "track": "false", - "untags": [ - "base64-encoded" - ], - "value": "org.springframework.webflow.util.Base64.decodeFromString(java.lang.String)" + "tags": [ + "base64-decoded" + ], + "target": "R", + "track": "false", + "untags": [ + "base64-encoded" + ], + "value": "org.springframework.webflow.util.Base64.decodeFromString(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [ + "base64-encoded" + ], + "target": "R", + "track": "false", + "untags": [ + "base64-decoded" + ], + "value": "org.springframework.webflow.util.Base64.encode(byte[])" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [ + "base64-encoded" + ], + "target": "R", + "track": "false", + "untags": [ + "base64-decoded" + ], + "value": "org.springframework.webflow.util.Base64.encode(byte[],int,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "false", + "source": "P1", + "stack_blacklist": [], + "tags": [ + "base64-encoded" + ], + "target": "R", + "track": "false", + "untags": [ + "base64-decoded" + ], + "value": "org.springframework.webflow.util.Base64.encodeToString(java.lang.String)" + } + ], + "enable": 1, + "type": 1, + "value": "spring" + }, + { + "details": [ + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.persistence.EntityManager.createNativeQuery(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "all", + "source": "P1", + 
"stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.persistence.EntityManager.createNativeQuery(java.lang.String,java.lang.Class)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "all", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "jakarta.persistence.EntityManager.createNativeQuery(java.lang.String,java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Connection.prepareCall(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Connection.prepareCall(java.lang.String,int,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Connection.prepareCall(java.lang.String,int,int,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Connection.prepareStatement(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Connection.prepareStatement(java.lang.String,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + 
"inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Connection.prepareStatement(java.lang.String,int,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Connection.prepareStatement(java.lang.String,int,int,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Connection.prepareStatement(java.lang.String,int[])" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Connection.prepareStatement(java.lang.String,java.lang.String[])" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.addBatch(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.execute(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.execute(java.lang.String,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", 
+ "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.execute(java.lang.String,int[])" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.execute(java.lang.String,java.lang.String[])" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.executeLargeUpdate(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,int[])" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,java.lang.String[])" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.executeQuery(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + 
"source": "P1", + "stack_blacklist": [ + "org.mariadb.jdbc.MariaDbConnection.setAutoCommit" + ], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.executeUpdate(java.lang.String)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.executeUpdate(java.lang.String,int)" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.executeUpdate(java.lang.String,int[])" + }, + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "true", + "source": "P1", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "java.sql.Statement.executeUpdate(java.lang.String,java.lang.String[])" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], - "tags": [ - "base64-encoded" - ], - "target": "R", - "track": "false", - "untags": [ - "base64-decoded" - ], - "value": "org.springframework.webflow.util.Base64.encode(byte[])" + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "javax.persistence.EntityManager.createNativeQuery(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "source": "P1", "stack_blacklist": [], - "tags": [ - "base64-encoded" - ], - "target": "R", - "track": "false", - "untags": [ - "base64-decoded" - ], - "value": "org.springframework.webflow.util.Base64.encode(byte[],int,int)" + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": 
"javax.persistence.EntityManager.createNativeQuery(java.lang.String,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], - "tags": [ - "base64-encoded" - ], - "target": "R", - "track": "false", - "untags": [ - "base64-decoded" - ], - "value": "org.springframework.webflow.util.Base64.encodeToString(java.lang.String)" + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "javax.persistence.EntityManager.createNativeQuery(java.lang.String,java.lang.String)" } ], "enable": 1, - "type": 1, - "value": "spring" + "type": 4, + "value": "sql-injection" }, { "details": [ 
@@ -8481,455 +9383,475 @@ "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "false", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "jakarta.persistence.EntityManager.createNativeQuery(java.lang.String)" + "value": "com.squareup.okhttp.Call.enqueue(com.squareup.okhttp.Callback)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "false", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Connection.prepareCall(java.lang.String)" + "value": "com.squareup.okhttp.Call.execute()" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "all", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Connection.prepareCall(java.lang.String,int,int)" + "value": "okhttp3.Call.enqueue(okhttp3.Callback)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "all", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Connection.prepareCall(java.lang.String,int,int,int)" + "value": "okhttp3.Call.execute()" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Connection.prepareStatement(java.lang.String)" + "value": "org.apache.commons.httpclient.HttpMethodBase.setURI(org.apache.commons.httpclient.URI)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "all", + "source": "P2", "stack_blacklist": [], 
"tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Connection.prepareStatement(java.lang.String,int)" + "value": "org.apache.hc.client5.http.impl.classic.CloseableHttpClient.doExecute(org.apache.hc.core5.http.HttpHost,org.apache.hc.core5.http.ClassicHttpRequest,org.apache.hc.core5.http.protocol.HttpContext)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "all", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Connection.prepareStatement(java.lang.String,int,int)" + "value": "org.apache.http.impl.client.CloseableHttpClient.doExecute(org.apache.http.HttpHost,org.apache.http.HttpRequest,org.apache.http.protocol.HttpContext)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "all", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Connection.prepareStatement(java.lang.String,int,int,int)" + "value": "sun.net.www.protocol.http.HttpURLConnection.connect()" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "false", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Connection.prepareStatement(java.lang.String,int[])" - }, + "value": "sun.net.www.protocol.http.HttpURLConnection.getInputStream()" + } + ], + "enable": 1, + "type": 4, + "value": "ssrf" + }, + { + "details": [ { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "false", + "source": "P1,2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Connection.prepareStatement(java.lang.String,java.lang.String[])" + "value": 
"coldfusion.runtime.SessionScope.bind(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "P1&P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.addBatch(java.lang.String)" + "value": "jakarta.servlet.http.HttpSession.putValue(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "P1,2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.execute(java.lang.String)" + "value": "jakarta.servlet.http.HttpSession.setAttribute(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "P1,2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.execute(java.lang.String,int)" + "value": "javax.servlet.http.HttpSession.putValue(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P1", + "source": "P1,2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.execute(java.lang.String,int[])" + "value": "javax.servlet.http.HttpSession.setAttribute(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "false", + "source": "P1,2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.execute(java.lang.String,java.lang.String[])" + "value": "org.apache.struts2.dispatcher.SessionMap.put(java.lang.Object,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, 
- "inherit": "true", + "inherit": "false", + "source": "P1,2", + "stack_blacklist": [], + "tags": [], + "target": "", + "track": "true", + "untags": [], + "value": "play.mvc.Http$Session.put(java.lang.String,java.lang.String)" + } + ], + "enable": 1, + "type": 4, + "value": "trust-boundary-violation" + }, + { + "details": [ + { + "command": "", + "ignore_blacklist": false, + "ignore_internal": false, + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.executeLargeUpdate(java.lang.String)" + "value": "com.alibaba.fastjson.JSON.parse(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,int)" + "value": "com.alibaba.fastjson.JSON.parse(java.lang.String,int)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,int[])" + "value": "com.alibaba.fastjson.JSON.parseObject(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "false", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.executeLargeUpdate(java.lang.String,java.lang.String[])" + "value": "com.caucho.hessian.io.HessianInput.readObject()" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": 
"java.sql.Statement.executeQuery(java.lang.String)" + "value": "com.esotericsoftware.kryo.Kryo.readClassAndObject(com.esotericsoftware.kryo.io.Input)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.executeUpdate(java.lang.String)" + "value": "com.esotericsoftware.kryo.Kryo.readObject(com.esotericsoftware.kryo.io.Input,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.executeUpdate(java.lang.String,int)" + "value": "com.esotericsoftware.kryo.Kryo.readObject(com.esotericsoftware.kryo.io.Input,java.lang.Class,com.esotericsoftware.kryo.Serializer)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.executeUpdate(java.lang.String,int[])" + "value": "com.esotericsoftware.kryo.Kryo.readObjectOrNull(com.esotericsoftware.kryo.io.Input,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "java.sql.Statement.executeUpdate(java.lang.String,java.lang.String[])" + "value": "com.esotericsoftware.kryo.Kryo.readObjectOrNull(com.esotericsoftware.kryo.io.Input,java.lang.Class,com.esotericsoftware.kryo.Serializer)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", 
"untags": [], - "value": "javax.persistence.EntityManager.createNativeQuery(java.lang.String,java.lang.String)" - } - ], - "enable": 1, - "type": 4, - "value": "sql-injection" - }, - { - "details": [ + "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.InputStream)" + }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "O", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.squareup.okhttp.Call.enqueue(com.squareup.okhttp.Callback)" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.InputStream,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "O", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.squareup.okhttp.Call.execute()" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.Reader)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", - "source": "O", + "inherit": "false", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "okhttp3.Call.enqueue(okhttp3.Callback)" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.Reader,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", - "source": "O", + "inherit": "false", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "okhttp3.Call.execute()" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.apache.commons.httpclient.HttpMethodBase.setURI(org.apache.commons.httpclient.URI)" + 
"value": "com.thoughtworks.xstream.XStream.fromXML(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", - "source": "P2", + "inherit": "false", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.apache.hc.client5.http.impl.classic.CloseableHttpClient.doExecute(org.apache.hc.core5.http.HttpHost,org.apache.hc.core5.http.ClassicHttpRequest,org.apache.hc.core5.http.protocol.HttpContext)" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.net.URL)" }, { "command": "", "ignore_blacklist": false, - "ignore_internal": false, - "inherit": "all", - "source": "P2", + "ignore_internal": false, + "inherit": "false", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.apache.http.impl.client.CloseableHttpClient.doExecute(org.apache.http.HttpHost,org.apache.http.HttpRequest,org.apache.http.protocol.HttpContext)" + "value": "com.thoughtworks.xstream.XStream.fromXML(java.net.URL,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "sun.net.www.protocol.http.HttpURLConnection.connect()" + "value": "java.io.ObjectInput.readObject()" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "sun.net.www.protocol.http.HttpURLConnection.getInputStream()" + "value": "java.io.ObjectInputStream.readObject()" } ], "enable": 1, "type": 4, - "value": "ssrf" + "value": "unsafe-json-deserialize" }, { "details": [ 
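Review bot: The group closed at the end of hunk -8481 is labelled `unsafe-json-deserialize`, yet only the three fastjson entries parse JSON; Hessian, Kryo, `XStream.fromXML` and `java.io.ObjectInputStream.readObject()` are binary or XML deserializers. Anyone triaging findings or tuning suppressions by rule name will be misled about which parser actually fired. `java.io.ObjectInput.readObject()` with `"inherit": "true"` and `java.io.ObjectInputStream.readObject()` with `"inherit": "all"` may also both match the same call, which is worth checking for duplicate reports. A neutral label such as `unsafe-deserialization` would fit better, provided nothing else in the engine keys on the current string.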
@@ -8937,84 +9859,91 @@ "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "P1,2", + "inherit": "true", + "source": "O", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "coldfusion.runtime.SessionScope.bind(java.lang.String,java.lang.Object)" - }, + "value": "java.io.BufferedReader.readLine()" + } + ], + "enable": 1, + "type": 4, + "value": "unsafe-readline" + }, + { + "details": [ { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1,2", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "jakarta.servlet.http.HttpSession.setAttribute(java.lang.String,java.lang.Object)" + "value": "java.beans.XMLDecoder.(java.io.InputStream)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1,2", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.servlet.http.HttpSession.putValue(java.lang.String,java.lang.Object)" + "value": "java.beans.XMLDecoder.(java.io.InputStream,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1,2", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.servlet.http.HttpSession.setAttribute(java.lang.String,java.lang.Object)" + "value": "java.beans.XMLDecoder.(java.io.InputStream,java.lang.Object,java.beans.ExceptionListener)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "P1,2", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": 
"org.apache.struts2.dispatcher.SessionMap.put(java.lang.Object,java.lang.Object)" + "value": "java.beans.XMLDecoder.(java.io.InputStream,java.lang.Object,java.beans.ExceptionListener,java.lang.ClassLoader)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "P1,2", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "play.mvc.Http$Session.put(java.lang.String,java.lang.String)" + "value": "java.beans.XMLDecoder.(org.xml.sax.InputSource)" } ], "enable": 1, "type": 4, - "value": "trust-boundary-violation" + "value": "unsafe-xml-decode" }, { "details": [ 
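Review bot: The new `java.beans.XMLDecoder.(java.io.InputStream,java.lang.Object,java.beans.ExceptionListener,java.lang.ClassLoader)` entry is written with `"inherit": "true"`, while the four other XMLDecoder constructor entries in the same `unsafe-xml-decode` group use `"inherit": "all"`. Nothing in the hunk explains why this one overload should be matched differently, so it reads as a copy-paste difference. If subclass coverage differs between the two settings (their semantics are not visible here), this overload would be hooked less broadly than its siblings. Suggest `"inherit": "all"` for consistency unless the difference is intentional.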
@@ -9022,197 +9951,211 @@ "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.alibaba.fastjson.JSON.parse(java.lang.String)" + "value": "jakarta.servlet.ServletContext.getRequestDispatcher(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.alibaba.fastjson.JSON.parse(java.lang.String,int)" + "value": "jakarta.servlet.jsp.PageContext.forward(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.alibaba.fastjson.JSON.parseObject(java.lang.String)" + "value": "javax.servlet.ServletContext.getRequestDispatcher(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "false", - "source": "O", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.caucho.hessian.io.HessianInput.readObject()" - }, + "value": "javax.servlet.jsp.PageContext.forward(java.lang.String)" + } + ], + "enable": 1, + "type": 4, + "value": "unvalidated-forward" + }, + { + "details": [ { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "P1", + "inherit": "true", + "source": "P4", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.esotericsoftware.kryo.Kryo.readClassAndObject(com.esotericsoftware.kryo.io.Input)" + "value": "io.netty.handler.codec.http.DefaultHttpHeaders.add0(int,int,java.lang.CharSequence,java.lang.CharSequence)" }, { "command": "", 
"ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "P1", + "inherit": "true", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.esotericsoftware.kryo.Kryo.readObject(com.esotericsoftware.kryo.io.Input,java.lang.Class)" + "value": "jakarta.servlet.http.HttpServletResponse.addHeader(java.lang.String,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.esotericsoftware.kryo.Kryo.readObject(com.esotericsoftware.kryo.io.Input,java.lang.Class,com.esotericsoftware.kryo.Serializer)" + "value": "jakarta.servlet.http.HttpServletResponse.sendRedirect(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "P1", + "inherit": "true", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.esotericsoftware.kryo.Kryo.readObjectOrNull(com.esotericsoftware.kryo.io.Input,java.lang.Class)" + "value": "jakarta.servlet.http.HttpServletResponse.setHeader(java.lang.String,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.esotericsoftware.kryo.Kryo.readObjectOrNull(com.esotericsoftware.kryo.io.Input,java.lang.Class,com.esotericsoftware.kryo.Serializer)" + "value": "jakarta.ws.rs.core.Response.temporaryRedirect(java.net.URI)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "P1", + "inherit": "true", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": 
"com.thoughtworks.xstream.XStream.fromXML(java.io.InputStream)" + "value": "javax.servlet.http.HttpServletResponse.addHeader(java.lang.String,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.InputStream,java.lang.Object)" + "value": "javax.servlet.http.HttpServletResponse.sendRedirect(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "P1", + "inherit": "true", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.Reader)" + "value": "javax.servlet.http.HttpServletResponse.setHeader(java.lang.String,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.io.Reader,java.lang.Object)" + "value": "javax.ws.rs.core.Response.temporaryRedirect(java.net.URI)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.lang.String)" + "value": "org.glassfish.grizzly.http.server.Response.sendRedirect(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.lang.String,java.lang.Object)" - }, + 
"value": "play.mvc.Results.redirect(java.lang.String)" + } + ], + "enable": 1, + "type": 4, + "value": "unvalidated-redirect" + }, + { + "details": [ { "command": "", "ignore_blacklist": false, @@ -9221,10 +10164,10 @@ "source": "P1", "stack_blacklist": [], "tags": [], - "target": "", - "track": "true", + "target": "O", + "track": "", "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.net.URL)" + "value": "org.xml.sax.InputSource.(java.io.InputStream)" }, { "command": "", 
@@ -9234,120 +10177,106 @@ "source": "P1", "stack_blacklist": [], "tags": [], - "target": "", - "track": "true", + "target": "O", + "track": "", "untags": [], - "value": "com.thoughtworks.xstream.XStream.fromXML(java.net.URL,java.lang.Object)" + "value": "org.xml.sax.InputSource.(java.io.Reader)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "O", + "inherit": "false", + "source": "P1", "stack_blacklist": [], "tags": [], - "target": "", - "track": "true", + "target": "O", + "track": "", "untags": [], - "value": "java.io.ObjectInput.readObject()" + "value": "org.xml.sax.InputSource.(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "source": "O", "stack_blacklist": [], "tags": [], - "target": "", - "track": "true", + "target": "R", + "track": "", "untags": [], - "value": "java.io.ObjectInputStream.readObject()" - } - ], - "enable": 1, - "type": 4, - "value": "unsafe-json-deserialize" - }, - { - "details": [ + "value": "org.xml.sax.InputSource.getByteStream()" + }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "false", "source": "O", "stack_blacklist": [], "tags": [], - "target": "", - "track": "true", + "target": "R", + "track": "", "untags": [], - "value": "java.io.BufferedReader.readLine()" - } - ], - "enable": 1, - "type": 4, - "value": "unsafe-readline" - }, - { - "details": [ + "value": "org.xml.sax.InputSource.getCharacterStream()" + }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", - "source": "P1", + "inherit": "false", + "source": "O", "stack_blacklist": [], "tags": [], - "target": "", - "track": "true", + "target": "R", + "track": "", "untags": [], - "value": "java.beans.XMLDecoder.(java.io.InputStream)" + "value": "org.xml.sax.InputSource.getSystemId()" }, { "command": "", "ignore_blacklist": false, 
"ignore_internal": false, - "inherit": "all", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "", - "track": "true", + "target": "O", + "track": "", "untags": [], - "value": "java.beans.XMLDecoder.(java.io.InputStream,java.lang.Object)" + "value": "org.xml.sax.InputSource.setByteStream(java.io.InputStream)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "", - "track": "true", + "target": "O", + "track": "", "untags": [], - "value": "java.beans.XMLDecoder.(java.io.InputStream,java.lang.Object,java.beans.ExceptionListener)" + "value": "org.xml.sax.InputSource.setCharacterStream(java.io.Reader)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "false", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "", - "track": "true", + "target": "O", + "track": "false", "untags": [], - "value": "java.beans.XMLDecoder.(org.xml.sax.InputSource)" + "value": "org.xml.sax.InputSource.setSystemId(java.lang.String)" } ], "enable": 1, - "type": 4, - "value": "unsafe-xml-decode" + "type": 1, + "value": "xml.sax" }, { "details": [ 
@@ -9355,86 +10284,79 @@ "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "jakarta.servlet.ServletContext.getRequestDispatcher(java.lang.String)" + "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.compile(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "jakarta.servlet.jsp.PageContext.forward(java.lang.String)" + "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.eval(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.servlet.ServletContext.getRequestDispatcher(java.lang.String)" + "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.servlet.jsp.PageContext.forward(java.lang.String)" - } - ], - "enable": 1, - "type": 4, - "value": "unvalidated-forward" - }, - { - "details": [ + "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" + }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P4", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": 
"io.netty.handler.codec.http.DefaultHttpHeaders.add0(int,int,java.lang.CharSequence,java.lang.CharSequence)" + "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P2", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "jakarta.servlet.http.HttpServletResponse.addHeader(java.lang.String,java.lang.String)" + "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)" }, { "command": "", @@ -9447,20 +10369,20 @@ "target": "", "track": "true", "untags": [], - "value": "jakarta.servlet.http.HttpServletResponse.sendRedirect(java.lang.String)" + "value": "jakarta.xml.xpath.XPath.compile(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P2", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "jakarta.servlet.http.HttpServletResponse.setHeader(java.lang.String,java.lang.String)" + "value": "jakarta.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object)" }, { "command": "", 
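Review bot: The added `jakarta.xml.xpath.XPath.compile(java.lang.String)` sink names a package that does not exist. The Jakarta EE namespace move renamed JAXB (`javax.xml.bind` to `jakarta.xml.bind`) but left the JDK's JAXP packages (`javax.xml.xpath`, `javax.xml.parsers`, `javax.xml.stream`, `javax.xml.transform`, `javax.xml.namespace`) unchanged, so this rule can never match a loaded class. The same pattern recurs in the hunks at -9473 and -9499 (`jakarta.xml.namespace.QName`) and in the hunk at -9721 (`jakarta.xml.parsers.DocumentBuilder`, `jakarta.xml.parsers.SAXParser`). It matters most for `jakarta.xml.bind.Unmarshaller`, which is a real class whose overloads take `javax.xml.stream.XMLEventReader`, `javax.xml.stream.XMLStreamReader` and `javax.xml.transform.Source`; if the agent matches on the full signature, the entries written with `jakarta.xml.stream.*` and `jakarta.xml.transform.*` leave those unmarshal entry points unmonitored. Suggest dropping the `jakarta.xml.xpath` and `jakarta.xml.parsers` entries and writing the JAXB ones with the JDK parameter types, e.g. `"value": "jakarta.xml.bind.Unmarshaller.unmarshal(javax.xml.stream.XMLStreamReader)"`.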
@@ -9473,20 +10395,20 @@ "target": "", "track": "true", "untags": [], - "value": "jakarta.ws.rs.core.Response.temporaryRedirect(java.net.URI)" + "value": "jakarta.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object,jakarta.xml.namespace.QName)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, "inherit": "true", - "source": "P2", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.servlet.http.HttpServletResponse.addHeader(java.lang.String,java.lang.String)" + "value": "jakarta.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource)" }, { "command": "", 
@@ -9499,191 +10421,177 @@ "target": "", "track": "true", "untags": [], - "value": "javax.servlet.http.HttpServletResponse.sendRedirect(java.lang.String)" + "value": "jakarta.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource,jakarta.xml.namespace.QName)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P2", + "inherit": "all", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.servlet.http.HttpServletResponse.setHeader(java.lang.String,java.lang.String)" + "value": "javax.xml.xpath.XPath.compile(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", - "source": "P1", + "inherit": "all", + "source": "P2", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.ws.rs.core.Response.temporaryRedirect(java.net.URI)" + "value": "javax.xml.xpath.XPath.eval(org.w3c.dom.Node,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.glassfish.grizzly.http.server.Response.sendRedirect(java.lang.String)" + "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "true", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "play.mvc.Results.redirect(java.lang.String)" - } - ], - "enable": 1, - "type": 4, - "value": "unvalidated-redirect" - }, - { - "details": [ + "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" + }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", 
"source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "org.xml.sax.InputSource.(java.io.InputStream)" + "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "org.xml.sax.InputSource.(java.io.Reader)" + "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "org.xml.sax.InputSource.(java.lang.String)" + "value": "net.sf.saxon.s9api.XPathCompiler.compile(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "O", + "inherit": "all", + "source": "P2", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "org.xml.sax.InputSource.getByteStream()" + "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - "source": "O", + "inherit": "all", + "source": "P2", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "org.xml.sax.InputSource.getCharacterStream()" + "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String,org.apache.xml.utils.PrefixResolver)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", - 
"source": "O", + "inherit": "all", + "source": "P2", "stack_blacklist": [], "tags": [], - "target": "R", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "org.xml.sax.InputSource.getSystemId()" + "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "org.xml.sax.InputSource.setByteStream(java.io.InputStream)" + "value": "org.apache.xpath.jaxp.XPathImpl.compile(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "", + "target": "", + "track": "true", "untags": [], - "value": "org.xml.sax.InputSource.setCharacterStream(java.io.Reader)" + "value": "org.apache.xpath.jaxp.XPathImpl.eval(java.lang.String,java.lang.Object)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "false", + "inherit": "all", "source": "P1", "stack_blacklist": [], "tags": [], - "target": "O", - "track": "false", + "target": "", + "track": "true", "untags": [], - "value": "org.xml.sax.InputSource.setSystemId(java.lang.String)" - } - ], - "enable": 1, - "type": 1, - "value": "xml.sax" - }, - { - "details": [ + "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object)" + }, { "command": "", "ignore_blacklist": false, @@ -9695,7 +10603,7 @@ "target": "", "track": "true", "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.compile(java.lang.String)" + "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" }, { "command": "", 
@@ -9708,7 +10616,7 @@ "target": "", "track": "true", "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.eval(java.lang.String,java.lang.Object)" + "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource)" }, { "command": "", 
@@ -9721,262 +10629,262 @@ "target": "", "track": "true", "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object)" - }, + "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)" + } + ], + "enable": 1, + "type": 4, + "value": "xpath-injection" + }, + { + "details": [ { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.stream.XMLEventReader)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.stream.XMLEventReader,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "com.sun.org.apache.xpath.internal.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.stream.XMLStreamReader)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.xml.xpath.XPath.compile(java.lang.String)" + "value": 
"jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.stream.XMLStreamReader,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", - "source": "P2", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.xml.xpath.XPath.eval(org.w3c.dom.Node,java.lang.String)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.transform.Source)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(jakarta.xml.transform.Source,java.lang.Class)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(java.io.InputStream)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource)" + "value": "jakarta.xml.bind.Unmarshaller.unmarshal(java.io.Reader)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "javax.xml.xpath.XPath.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)" + "value": 
"jakarta.xml.bind.Unmarshaller.unmarshal(org.xml.sax.InputSource)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "net.sf.saxon.s9api.XPathCompiler.compile(java.lang.String)" + "value": "jakarta.xml.parsers.DocumentBuilder.parse(java.io.InputStream)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", - "source": "P2", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String)" + "value": "jakarta.xml.parsers.DocumentBuilder.parse(java.io.InputStream,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", - "source": "P2", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String,org.apache.xml.utils.PrefixResolver)" + "value": "jakarta.xml.parsers.DocumentBuilder.parse(java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", - "source": "P2", + "inherit": "true", + "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.apache.xpath.XPathAPI.eval(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)" + "value": "jakarta.xml.parsers.DocumentBuilder.parse(org.xml.sax.InputSource)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.apache.xpath.jaxp.XPathImpl.compile(java.lang.String)" + "value": 
"jakarta.xml.parsers.SAXParser.parse(java.io.InputStream,org.xml.sax.HandlerBase)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.apache.xpath.jaxp.XPathImpl.eval(java.lang.String,java.lang.Object)" + "value": "jakarta.xml.parsers.SAXParser.parse(java.io.InputStream,org.xml.sax.HandlerBase,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object)" + "value": "jakarta.xml.parsers.SAXParser.parse(java.io.InputStream,org.xml.sax.helpers.DefaultHandler)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)" + "value": "jakarta.xml.parsers.SAXParser.parse(java.io.InputStream,org.xml.sax.helpers.DefaultHandler,java.lang.String)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": "org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource)" + "value": "jakarta.xml.parsers.SAXParser.parse(org.xml.sax.InputSource,org.xml.sax.HandlerBase)" }, { "command": "", "ignore_blacklist": false, "ignore_internal": false, - "inherit": "all", + "inherit": "true", "source": "P1", "stack_blacklist": [], "tags": [], "target": "", "track": "true", "untags": [], - "value": 
"org.apache.xpath.jaxp.XPathImpl.evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)" - } - ], - "enable": 1, - "type": 4, - "value": "xpath-injection" - }, - { - "details": [ + "value": "jakarta.xml.parsers.SAXParser.parse(org.xml.sax.InputSource,org.xml.sax.helpers.DefaultHandler)" + }, { "command": "", "ignore_blacklist": false, @@ -10074,7 +10982,9 @@ "ignore_internal": false, "inherit": "true", "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "org.eclipse.persistence.jaxb.rs.MOXyJsonProvider.readFrom" + ], "tags": [], "target": "", "track": "true", @@ -10340,19 +11250,6 @@ "track": "true", "untags": [], "value": "nu.xom.Builder.build(java.lang.String)" - }, - { - "command": "", - "ignore_blacklist": false, - "ignore_internal": false, - "inherit": "true", - "source": "P1", - "stack_blacklist": [], - "tags": [], - "target": "", - "track": "true", - "untags": [], - "value": "org.xml.sax.XMLReader.parse(org.xml.sax.InputSource)" } ], "enable": 1, @@ -10452,7 +11349,9 @@ "ignore_internal": false, "inherit": "all", "source": "P1", - "stack_blacklist": [], + "stack_blacklist": [ + "a" + ], "tags": [], "target": "", "track": "true",
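Review bot: The `stack_blacklist` added in the last hunk (-10452) holds the single entry `"a"`, which looks like a leftover test value rather than a real frame name such as the `org.eclipse.persistence.jaxb.rs.MOXyJsonProvider.readFrom` entry added in the hunk at -10074. If the agent matches blacklist entries as a prefix or substring of stack frames (not visible here, please confirm), a one-letter entry would match almost any call stack and silently suppress findings for this sink. The rule's `value` lies outside the hunk, so the affected sink cannot be identified from here. Either restore `"stack_blacklist": []` or replace `"a"` with the fully qualified frame that was meant to be excluded.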