forked from WebGoat/WebGoat
cx_results.sarif
{"$schema":"https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"Checkmarx AST","version":"1.0","informationUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","rules":[{"id":"7384dfb2-fcd1-4fbf-91cd-6c44c318c33c [Taken from query_id] (kics)","name":"APT-GET Not Avoiding Additional Packages","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Check if any apt-get installs don't use '--no-install-recommends' flag to avoid installing additional packages.\n Value:'RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webgoat --create-home -U webgoat' does not use '--no-install-recommends' flag to avoid installing additional packages.\n Expected value:'RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webgoat --create-home -U webgoat' uses '--no-install-recommends' flag to avoid installing additional packages"},"properties":{"security-severity":3.5}},{"id":"df746b39-6564-4fed-bf85-e9c44382303c [Taken from query_id] (kics)","name":"Apt Get Install Lists Were Not Deleted","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"After using apt-get install, it is needed to delete apt-get lists\n Value:After using apt-get install, the apt-get lists were not deleted.\n Expected value:After using apt-get install, it is needed to delete apt-get lists"},"properties":{"security-severity":3.5}},{"id":"8423996506624030647 (sast)","name":"Heap Inspection","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Method @SourceMethod at line @SourceLine of @SourceFile defines @SourceElement, which is designated to contain user passwords. 
However, while plaintext passwords are later assigned to @SourceElement, this variable is never cleared from memory.\n\n"},"properties":{"security-severity":6.5}},{"id":"aa93e17f-b6db-4162-9334-c70334e7ac28 [Taken from query_id] (kics)","name":"Chown Flag Exists","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"It is considered a best practice for every executable in a container to be owned by the root user even if it is executed by a non-root user, only execution permissions are required on the file, not ownership\n Value:The 'Dockerfile' contains the 'chown' flag.\n Expected value:The 'Dockerfile' shouldn´t contain the 'chown' flag"},"properties":{"security-severity":6.5}},{"id":"3455652598283285801 (sast)","name":"Client Hardcoded Domain","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The JavaScript file imported in @SourceElement in @SourceFile at line @SourceLine is from a remote domain, which may allow attackers to replace its contents with malicious code."},"properties":{"security-severity":6.5}},{"id":"17155209939029667221 (sast)","name":"Unsafe Use Of Target blank","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Using @SourceElement at line @SourceLine of @SourceFile, without correctly setting the \"rel\" attribute, or disassociating the new window from its parent, is an unsafe way of opening a new window."},"properties":{"security-severity":6.5}},{"id":"9001657640014870111 (sast)","name":"Trust Boundary Violation in Session Variables","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Method @SourceMethod at line @SourceLine of @SourceFile gets user input from element @SourceElement. 
This element’s value flows through the code without being properly sanitized or validated and is eventually stored in the server-side Session object, in @DestinationMethod at line @DestinationLine of @DestinationFile. This constitutes a Trust Boundary Violation.\n\n"},"properties":{"security-severity":6.5}},{"id":"1089818565155602739 (sast)","name":"Use Of Hardcoded Password","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application uses the hard-coded password @SourceElement for authentication purposes, either using it to verify users' identities, or to access another remote system. This password at line @SourceLine of @SourceFile appears in the code, implying it is accessible to anyone with source code access, and cannot be changed without rebuilding the application."},"properties":{"security-severity":6.5}},{"id":"9800224272094099502 (sast)","name":"Unprotected Cookie","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The web application's @SourceMethod method creates a cookie @SourceElement, at line @SourceLine of @SourceFile, and returns it in the response. However, the application is not configured to automatically set the cookie with the \"httpOnly\" attribute, and the code does not explicitly add this to the cookie.\n\n"},"properties":{"security-severity":6.5}},{"id":"9884244256835554923 (sast)","name":"Log Forging","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Method @SourceMethod at line @SourceLine of @SourceFile gets user input from element @SourceElement. 
This element’s value flows through the code without being properly sanitized or validated, and is eventually used in writing an audit log in @DestinationMethod at line @DestinationLine of @DestinationFile.\n\nThis may enable Log Forging.\n\n"},"properties":{"security-severity":6.5}},{"id":"cve-2019-1563 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)."},"properties":{"security-severity":6.5}},{"id":"cve-2019-13232 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a \"better zip bomb\" issue."},"properties":{"security-severity":6.5}},{"id":"2783517675732844652 (sast)","name":"Use Of Hardcoded Password","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application uses the hard-coded password @SourceElement for authentication purposes, either using it to verify users' identities, or to access another remote system. 
This password at line @SourceLine of @SourceFile appears in the code, implying it is accessible to anyone with source code access, and cannot be changed without rebuilding the application.\n\n"},"properties":{"security-severity":6.5}},{"id":"12151859793050070545 (sast)","name":"Client Use Of Iframe Without Sandbox","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application employs an HTML iframe at whose contents are not properly sandboxed"},"properties":{"security-severity":6.5}},{"id":"3339566533927886347 (sast)","name":"Client JQuery Deprecated Symbols","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Method @DestinationMethod in @DestinationFile, at line @DestinationLine, calls an obsolete API, @DestinationElement. This has been deprecated, and should not be used in a modern codebase.\n\n"},"properties":{"security-severity":6.5}},{"id":"b03a748a-542d-44f4-bb86-9199ab4fd2d5 [Taken from query_id] (kics)","name":"Healthcheck Instruction Missing","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Ensure that HEALTHCHECK is being used. 
The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working\n Value:Dockerfile doesn't contain instruction 'HEALTHCHECK'.\n Expected value:Dockerfile contains instruction 'HEALTHCHECK'"},"properties":{"security-severity":6.5}},{"id":"0008c003-79aa-42d8-95b8-1c2fe37dbfe6 [Taken from query_id] (kics)","name":"Multiple RUN, ADD, COPY, Instructions Listed","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Multiple commands (RUN, Copy, And) should be grouped in order to reduce the number of layers.\n Value:There are RUN instructions that could be grouped.\n Expected value:There isn´t any RUN instruction that could be grouped"},"properties":{"security-severity":6.5}},{"id":"11100132039797172543 (sast)","name":"Client DOM Open Redirect","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The potentially tainted value provided by @SourceElement in @SourceFile at line @SourceLine is used as a destination URL by @DestinationElement in @DestinationFile at line @DestinationLine, potentially allowing attackers to perform an open redirection.\n\n"},"properties":{"security-severity":6.5}},{"id":"15434822379289186737 (sast)","name":"Use of Broken or Risky Cryptographic Algorithm","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In @SourceMethod, the application protects sensitive data using a cryptographic algorithm, @SourceElement, that is considered weak or even trivially broken, in @SourceFile at line @SourceLine.\n\n"},"properties":{"security-severity":6.5}},{"id":"cve-2021-40528 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext recovery because, during interaction between 
two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP."},"properties":{"security-severity":8.5}},{"id":"77783205-c4ca-4f80-bb80-c777f267c547 [Taken from query_id] (kics)","name":"APT-GET Missing '-y' To Avoid Manual Input","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Check if apt-get calls use the flag -y to avoid user manual input.\n Value:FROM={{openjdk:11.0.1-jre-slim-stretch}}.{{RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webgoat --create-home -U webgoat}} doesn't avoid manual input.\n Expected value:FROM={{openjdk:11.0.1-jre-slim-stretch}}.{{RUN apt-get update \u0026\u0026 apt-get install \u0026\u0026 useradd --home-dir /home/webgoat --create-home -U webgoat}} avoids manual input"},"properties":{"security-severity":8.5}},{"id":"965a08d7-ef86-4f14-8792-4a3b2098937e [Taken from query_id] (kics)","name":"Apt Get Install Pin Version Not Defined","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"When installing a package, its pin version should be defined\n Value:Package 'nginx' does not have version defined.\n Expected value:Package 'nginx' has version defined"},"properties":{"security-severity":8.5}},{"id":"b86987e1-6397-4619-81d5-8807f2387c79 [Taken from query_id] (kics)","name":"Not Using JSON In CMD And ENTRYPOINT Arguments","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Ensure that we are using JSON in the CMD and ENTRYPOINT Arguments\n Value:FROM={{openjdk:15-slim}}.{{ENTRYPOINT /bin/bash /home/webgoat/start.sh $webgoat_version_env}} isn't in the JSON Notation.\n Expected 
value:FROM={{openjdk:15-slim}}.{{ENTRYPOINT /bin/bash /home/webgoat/start.sh $webgoat_version_env}} is in the JSON Notation"},"properties":{"security-severity":8.5}},{"id":"f4a6bcd3-e231-4acf-993c-aa027be50d2e [Taken from query_id] (kics)","name":"RUN Instruction Using 'cd' Instead of WORKDIR","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Use WORKDIR instead of proliferating instructions like RUN cd … \u0026\u0026 do-something, which are hard to read, troubleshoot, and maintain.\n Value:RUN cd /home/webgoat/; mkdir -p .webgoat-${webgoat_version}'.\n Expected value:Using WORKDIR to change directory"},"properties":{"security-severity":8.5}},{"id":"9bae49be-0aa3-4de5-bab2-4c3a069e40cd [Taken from query_id] (kics)","name":"Update Instruction Alone","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Instruction 'RUN \u003cpackage-manager\u003e update' should always be followed by '\u003cpackage-manager\u003e install' in the same RUN statement\n Value:Instruction 'RUN \u003cpackage-manager\u003e update' isn't followed by 'RUN \u003cpackage-manager\u003e install in the same 'RUN' statement.\n Expected value:Instruction 'RUN \u003cpackage-manager\u003e update' is followed by 'RUN \u003cpackage-manager\u003e install' "},"properties":{"security-severity":8.5}},{"id":"4635938147065118004 (sast)","name":"Absolute Path Traversal","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Method @SourceMethod at line @SourceLine of @SourceFile gets dynamic data from the @SourceElement element. This element’s value then flows through the code and is eventually used in a file path for local disk access in @DestinationMethod at line @DestinationLine of @DestinationFile. 
This may cause a Path Traversal vulnerability.\n\n"},"properties":{"security-severity":8.5}},{"id":"5872693300309307288 (sast)","name":"Cleartext Submission of Sensitive Information","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Potentially sensitive personal information @SourceElement, at line @SourceLine of @SourceFile, is sent over the unsecured network via @DestinationElement, in @DestinationMethod of @DestinationFile, line @DestinationLine. This could expose this personal data and allow it to be stolen.\n\n"},"properties":{"security-severity":8.5}},{"id":"15287255134376319324 (sast)","name":"HttpOnlyCookies","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The web application's @SourceMethod method creates a cookie @SourceElement, at line @SourceLine of @SourceFile, and returns it in the response. However, the application is not configured to automatically set the cookie with the \"httpOnly\" attribute, and the code does not explicitly add this to the cookie.\n\n"},"properties":{"security-severity":8.5}},{"id":"7567754570932744334 (sast)","name":"Client Potential XSS","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application's @DestinationMethod embeds untrusted data in the generated output with @DestinationElement, at line @DestinationLine of @DestinationFile. 
This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.\n\n"},"properties":{"security-severity":8.5}},{"id":"7096281910242735216 (sast)","name":"Parameter Tampering","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Method @SourceMethod at line @SourceLine of @SourceFile gets user input from element @SourceElement. This input is later concatenated by the application directly into a string variable containing SQL commands, without being validated. This string is then used in method @DestinationMethod to query the database @DestinationElement, at line @DestinationLine of @DestinationFile, without any additional filtering by the database. This could allow the user to tamper with the filter parameter."},"properties":{"security-severity":8.5}},{"id":"13865268488594355872 (sast)","name":"JWT Sensitive Information Exposure","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application stores sensitive data @SourceElement in JWT body @DestinationElement at line @DestinationLine of the file @DestinationFile.\n\n"},"properties":{"security-severity":8.5}},{"id":"9214120936485315712 (sast)","name":"Session Fixation","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Method @SourceMethod at line @SourceLine of @SourceFile performs user authentication without terminating existing sessions. This may enable Session Fixation.\n\n"},"properties":{"security-severity":8.5}},{"id":"12956636075206043460 (sast)","name":"Privacy Violation","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Method @SourceMethod at line @SourceLine of @SourceFile sends user information outside the application. 
This may constitute a Privacy Violation.\n\n"},"properties":{"security-severity":8.5}},{"id":"15179929566605030594 (sast)","name":"SSRF","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application sends a request to a remote server, for some resource, using @DestinationElement in @DestinationFile:@DestinationLine. However, an attacker can control the target of the request, by sending a URL or other data in @SourceElement at @SourceFile:@SourceLine.\n\n"},"properties":{"security-severity":8.5}},{"id":"2301179517126599776 (sast)","name":"Use of a One Way Hash with a Predictable Salt","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application protects passwords with @DestinationElement in @DestinationMethod, of @DestinationFile at line @DestinationLine, using a cryptographic hash @SourceElement. However, the code does not salt the hash with an unpredictable, random value, allowing an attacker to reverse the hash value."},"properties":{"security-severity":8.5}},{"id":"18167789603095321044 (sast)","name":"Unsafe Object Binding","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The @SourceElement at @SourceFile in line @SourceLine may unintentionally allow setting the value of @DestinationElement in @DestinationMethod, in the object @DestinationFile at line @DestinationLine.\n\n"},"properties":{"security-severity":8.5}},{"id":"CVE-2018-10237 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized 
with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable."},"properties":{"security-severity":8.5}},{"id":"CVE-2020-17521 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2."},"properties":{"security-severity":8.5}},{"id":"CVE-2020-14340 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"XNIO before 3.7.9.Final and 3.8.x before 3.8.2.Final has a file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. This may allow an attacker to cause a denial of service."},"properties":{"security-severity":8.5}},{"id":"CVE-2014-6071 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"jQuery can potentially allow remote attackers to conduct Cross-site scripting (XSS) attacks when using methods such as jQuery(), append() and after(). These methods accept an HTML string and can, by design, execute code. 
This can be avoided by sanitizing inputs when obtained from untrusted sources."},"properties":{"security-severity":8.5}},{"id":"CVE-2007-2379 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka \"JavaScript Hijacking.\" The package maintainer disputes the validity of this vulnerability."},"properties":{"security-severity":8.5}},{"id":"CVE-2016-10735 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041."},"properties":{"security-severity":8.5}},{"id":"CVE-2018-20677 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property."},"properties":{"security-severity":8.5}},{"id":"CVE-2019-8331 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute."},"properties":{"security-severity":8.5}},{"id":"CVE-2018-20676 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute."},"properties":{"security-severity":8.5}},{"id":"CVE-2018-14042 
(sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip."},"properties":{"security-severity":8.5}},{"id":"CVE-2018-14041 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy."},"properties":{"security-severity":8.5}},{"id":"CVE-2018-14040 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute."},"properties":{"security-severity":8.5}},{"id":"CVE-2018-18405 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"** DISPUTED ** jQuery allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry."},"properties":{"security-severity":8.5}},{"id":"CVE-2015-9251 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"jQuery before 3.0.0-beta1 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."},"properties":{"security-severity":8.5}},{"id":"CVE-2020-11023 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing \u003coption\u003e elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. 
This problem is patched in jQuery 3.5.0."},"properties":{"security-severity":8.5}},{"id":"Cxf0b588a3-5c6f (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The package `jQuery` before 1.12.0, between 1.12.2 and 2.1.4 and between 2.2.2 and 2.2.4 is vulnerable to `XSS`. The function `jQuery.parseHTML()` in the file `src/core/parseHTML.js` doesn't stop scripts or inline event handlers from being executed immediately, which could result in XSS as the attacker could embed malicious scripts in the HTML (img nodes with embedded src url's which are pre-loaded when the page is requested) which would get executed immediately in the victim's browser even without user's intervention."},"properties":{"security-severity":8.5}},{"id":"CVE-2020-11022 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In jQuery versions before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0."},"properties":{"security-severity":8.5}},{"id":"CVE-2019-11358 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 
If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."},"properties":{"security-severity":8.5}},{"id":"CVE-2016-7103 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function."},"properties":{"security-severity":8.5}},{"id":"cve-2017-7526 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used."},"properties":{"security-severity":8.5}},{"id":"cve-2018-0495 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. 
To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host."},"properties":{"security-severity":8.5}},{"id":"cve-2018-0501 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail."},"properties":{"security-severity":8.5}},{"id":"cve-2020-27350 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;"},"properties":{"security-severity":8.5}},{"id":"cve-2020-3810 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files."},"properties":{"security-severity":8.5}},{"id":"cve-2018-0734 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). 
Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p)."},"properties":{"security-severity":8.5}},{"id":"cve-2018-0735 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1)."},"properties":{"security-severity":8.5}},{"id":"cve-2018-5407 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'."},"properties":{"security-severity":8.5}},{"id":"cve-2019-1547 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. 
Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)."},"properties":{"security-severity":8.5}},{"id":"cve-2019-1549 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)."},"properties":{"security-severity":8.5}},{"id":"cve-2019-1551 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). 
Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t)."},"properties":{"security-severity":8.5}},{"id":"cve-2020-1971 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. 
All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w)."},"properties":{"security-severity":8.5}},{"id":"cve-2021-23841 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)."},"properties":{"security-severity":8.5}},{"id":"cve-2021-3449 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. 
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j)."},"properties":{"security-severity":8.5}},{"id":"cve-2021-4160 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. 
It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb)."},"properties":{"security-severity":8.5}},{"id":"cve-2018-20482 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root)."},"properties":{"security-severity":8.5}},{"id":"cve-2019-5094 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability."},"properties":{"security-severity":8.5}},{"id":"cve-2019-5188 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. 
An attacker can corrupt a partition to trigger this vulnerability."},"properties":{"security-severity":8.5}},{"id":"1779421333800271656 (sast)","name":"Client DOM Stored XSS","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application's @DestinationMethod embeds untrusted data in the generated output with @DestinationElement, at line @DestinationLine of @DestinationFile. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.\n\n"},"properties":{"security-severity":9.5}},{"id":"cve-2018-1000035 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"A heap-based buffer overflow exists in Info-Zip UnZip version \u003c= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution."},"properties":{"security-severity":9.5}},{"id":"cve-2020-1967 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. 
Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f)."},"properties":{"security-severity":9.5}},{"id":"cve-2021-23840 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x)."},"properties":{"security-severity":9.5}},{"id":"cve-2021-3711 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the \"out\" parameter can be NULL and, on exit, the \"outlen\" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the \"out\" parameter. 
A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)."},"properties":{"security-severity":9.5}},{"id":"cve-2021-3712 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. 
Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)."},"properties":{"security-severity":9.5}},{"id":"cve-2022-0778 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. 
Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc)."},"properties":{"security-severity":9.5}},{"id":"cve-2018-0732 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. 
This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o)."},"properties":{"security-severity":9.5}},{"id":"CVE-2016-10707 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"jQuery 3.0.0-rc1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit."},"properties":{"security-severity":9.5}},{"id":"cve-2016-2779 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer."},"properties":{"security-severity":9.5}},{"id":"14517067005933136034 (sast)","name":"SQL Injection","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application's @DestinationMethod method executes an SQL query with @DestinationElement, at line @DestinationLine of @DestinationFile. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.\n\nAn attacker would be able to inject arbitrary syntax and data into the SQL query, by crafting a malicious payload and providing it via the input @SourceElement; this input is then read by the @SourceMethod method at line @SourceLine of @SourceFile. 
This input then flows through the code, into a query and to the database server - without sanitization.\r\n\r\nThis may enable an SQL Injection attack.\n\n"},"properties":{"security-severity":9.5}},{"id":"cve-2018-7738 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion."},"properties":{"security-severity":9.5}},{"id":"8481125285487743346 (sast)","name":"Reflected XSS All Clients","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application's @DestinationMethod embeds untrusted data in the generated output with @DestinationElement, at line @DestinationLine of @DestinationFile. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.\n\nThe attacker would be able to alter the returned web page by simply providing modified data in the user input @SourceElement, which is read by the @SourceMethod method at line @SourceLine of @SourceFile. This input then flows through the code straight to the output web page, without sanitization. 
\r\n\r\nThis can enable a Reflected Cross-Site Scripting (XSS) attack.\n\n"},"properties":{"security-severity":9.5}},{"id":"cve-2017-0379 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Libgcrypt before 1.8.1 does not properly consider Curve25519 side-channel attacks, which makes it easier for attackers to discover a secret key, related to cipher/ecc.c and mpi/ec.c."},"properties":{"security-severity":9.5}},{"id":"cve-2019-12900 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."},"properties":{"security-severity":9.5}},{"id":"cve-2019-3462 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine."},"properties":{"security-severity":9.5}},{"id":"cve-2017-10790 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack."},"properties":{"security-severity":9.5}},{"id":"cve-2018-6003 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. 
Unlimited recursion in the BER decoder leads to stack exhaustion and DoS."},"properties":{"security-severity":9.5}},{"id":"cve-2017-17512 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument."},"properties":{"security-severity":9.5}},{"id":"8558184832467657344 (sast)","name":"Second Order SQL Injection","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application's @DestinationMethod method executes an SQL query with @DestinationElement, at line @DestinationLine of @DestinationFile. The application constructs this SQL query by embedding an untrusted string into the query without proper sanitization. The concatenated string is submitted to the database, where it is parsed and executed accordingly.\n\nThe attacker may be able to write arbitrary data to the database, which is then retrieved by the application with @SourceElement in @SourceMethod method at line @SourceLine of @SourceFile. This data then flows through the code, until it is used directly in the SQL query without sanitization, and then submitted to the database server for execution.\r\n\r\nThis may enable a Second-Order SQL Injection attack.\n\n"},"properties":{"security-severity":9.5}},{"id":"cve-2019-1543 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). 
OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored. It is a requirement of using this cipher that nonce values are unique. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. If an application changes the default nonce length to be longer than 12 bytes and then makes a change to the leading bytes of the nonce expecting the new value to be a new unique nonce then such an application could inadvertently encrypt messages with a reused nonce. Additionally the ignored bytes in a long nonce are not covered by the integrity guarantee of this cipher. Any application that relies on the integrity of these ignored leading bytes of a long nonce may be further affected. Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe because no such use sets such a long nonce value. However user applications that use this cipher directly and set a non-default nonce length to be longer than 12 bytes may be vulnerable. OpenSSL versions 1.1.1 and 1.1.0 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1c (Affected 1.1.1-1.1.1b). Fixed in OpenSSL 1.1.0k (Affected 1.1.0-1.1.0j)."},"properties":{"security-severity":9.5}},{"id":"13625251660291496964 (sast)","name":"Stored XSS","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application's @DestinationMethod embeds untrusted data in the generated output with @DestinationElement, at line @DestinationLine of @DestinationFile. 
This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.\n\nThe attacker would be able to alter the returned web page by saving malicious data in a data-store ahead of time. The attacker's modified data is then read from the database by the @SourceMethod method with @SourceElement, at line @SourceLine of @SourceFile. This untrusted data then flows through the code straight to the output web page, without sanitization. \r\n\r\nThis can enable a Stored Cross-Site Scripting (XSS) attack.\n\n"},"properties":{"security-severity":9.5}},{"id":"9920599561530748290 (sast)","name":"Deserialization of Untrusted Data","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The serialized object @SourceElement processed in @SourceMethod in the file @SourceFile at line @SourceLine is deserialized by @DestinationElement in the file @DestinationFile at line @DestinationLine.\n\n"},"properties":{"security-severity":9.5}},{"id":"10016977899842968824 (sast)","name":"Client DOM XSS","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"The application's @DestinationMethod embeds untrusted data in the generated output with @DestinationElement, at line @DestinationLine of @DestinationFile. This untrusted data is embedded straight into the output without proper sanitization or encoding, enabling an attacker to inject malicious code into the output.\n\n"},"properties":{"security-severity":9.5}},{"id":"CVE-2020-11979 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"As mitigation for CVE-2020-1945 Apache Ant 1.10.8 and 1.9.15 changed the permissions of temporary files it created so that only the current user was allowed to access them. 
Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process."},"properties":{"security-severity":9.5}},{"id":"CVE-2013-7285 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Xstream API versions up to 1.4.6, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON."},"properties":{"security-severity":9.5}},{"id":"CVE-2020-26217 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"XStream before version 1.4.14 is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. 
The issue is fixed in version 1.4.14, and patched in versions 1.4.14-jdk7 and 1.4.14-java7."},"properties":{"security-severity":9.5}},{"id":"CVE-2017-7957 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML(\"\u003cvoid/\u003e\") call."},"properties":{"security-severity":9.5}},{"id":"CVE-2016-3674 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Multiple XML external entity (XXE) vulnerabilities in the (1) Dom4JDriver, (2) DomDriver, (3) JDomDriver, (4) JDom2Driver, (5) SjsxpDriver, (6) StandardStaxDriver, and (7) WstxDriver drivers in XStream before 1.4.9 allow remote attackers to read arbitrary files via a crafted XML document."},"properties":{"security-severity":9.5}},{"id":"CVE-2021-45105 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.\r\n\r\nOnly the log4j-core package is directly affected by this vulnerability. 
Log4j-api is included as an affected package in order to detect usages of the Logger class with the exploitable path, as used in exploitation POCs in the wild."},"properties":{"security-severity":9.5}},{"id":"CVE-2021-3197 (sca)","helpUri":"https://checkmarx.atlassian.net/wiki/spaces/AST/pages/5844861345/CxAST+Documentation","fullDescription":{"text":"An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request."},"properties":{"security-severity":9.5}}]}},"results":[{"ruleId":"7384dfb2-fcd1-4fbf-91cd-6c44c318c33c [Taken from query_id] (kics)","level":"note","message":{"text":"APT-GET Not Avoiding Additional Packages"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-server/Dockerfile"},"region":{"startLine":5,"startColumn":1,"endColumn":2}}}]},{"ruleId":"7384dfb2-fcd1-4fbf-91cd-6c44c318c33c [Taken from query_id] (kics)","level":"note","message":{"text":"APT-GET Not Avoiding Additional Packages"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":8,"startColumn":1,"endColumn":2}}}]},{"ruleId":"df746b39-6564-4fed-bf85-e9c44382303c [Taken from query_id] (kics)","level":"note","message":{"text":"Apt Get Install Lists Were Not Deleted"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/Dockerfile"},"region":{"startLine":5,"startColumn":1,"endColumn":2}}}]},{"ruleId":"df746b39-6564-4fed-bf85-e9c44382303c [Taken from query_id] (kics)","level":"note","message":{"text":"Apt Get Install Lists Were Not Deleted"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":8,"startColumn":1,"endColumn":2}}}]},{"ruleId":"df746b39-6564-4fed-bf85-e9c44382303c [Taken from query_id] (kics)","level":"note","message":{"text":"Apt Get Install Lists Were Not 
Deleted"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-server/Dockerfile"},"region":{"startLine":5,"startColumn":1,"endColumn":2}}}]},{"ruleId":"7384dfb2-fcd1-4fbf-91cd-6c44c318c33c [Taken from query_id] (kics)","level":"note","message":{"text":"APT-GET Not Avoiding Additional Packages"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/Dockerfile"},"region":{"startLine":5,"startColumn":1,"endColumn":2}}}]},{"ruleId":"8423996506624030647 (sast)","level":"note","message":{"text":"Heap Inspection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/User.java"},"region":{"startLine":31,"startColumn":20,"endColumn":28}}}]},{"ruleId":"8423996506624030647 (sast)","level":"note","message":{"text":"Heap Inspection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java"},"region":{"startLine":50,"startColumn":20,"endColumn":28}}}]},{"ruleId":"8423996506624030647 (sast)","level":"note","message":{"text":"Heap Inspection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".mvn/wrapper/MavenWrapperDownloader.java"},"region":{"startLine":100,"startColumn":20,"endColumn":28}}}]},{"ruleId":"8423996506624030647 (sast)","level":"note","message":{"text":"Heap Inspection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java"},"region":{"startLine":57,"startColumn":32,"endColumn":50}}}]},{"ruleId":"8423996506624030647 (sast)","level":"note","message":{"text":"Heap Inspection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-integration-tests/src/test/java/org/owasp/webgoat/CryptoTest.java"},"region":{"startLine":60,"startColumn":10,"endColumn":20}}}]},{"ruleId":"aa93e17f-b6db-4162-9334-c70334e7ac28 [Taken from query_id] (kics)","level":"note","message":{"text":"Chown 
Flag Exists"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":12,"startColumn":1,"endColumn":2}}}]},{"ruleId":"aa93e17f-b6db-4162-9334-c70334e7ac28 [Taken from query_id] (kics)","level":"note","message":{"text":"Chown Flag Exists"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":13,"startColumn":1,"endColumn":2}}}]},{"ruleId":"3455652598283285801 (sast)","level":"note","message":{"text":"Client Hardcoded Domain"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docs/index.html"},"region":{"startLine":7,"startColumn":31,"endColumn":69}}}]},{"ruleId":"17155209939029667221 (sast)","level":"note","message":{"text":"Unsafe Use Of Target blank"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/index.html"},"region":{"startLine":65,"startColumn":5,"endColumn":82}}}]},{"ruleId":"17155209939029667221 (sast)","level":"note","message":{"text":"Unsafe Use Of Target blank"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/index.html"},"region":{"startLine":63,"startColumn":5,"endColumn":82}}}]},{"ruleId":"9001657640014870111 (sast)","level":"note","message":{"text":"Trust Boundary Violation in Session 
Variables"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":47,"startColumn":51,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":50,"startColumn":21,"endColumn":28}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":50,"startColumn":45,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":50,"startColumn":55,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":50,"startColumn":10,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":53,"startColumn":29,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":41,"startColumn":43,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":48,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":63,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":75,"endColumn":76}}},{"physicalLocat
ion":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":94,"endColumn":95}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":47,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":53,"startColumn":28,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":53,"startColumn":4,"endColumn":13}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":54,"startColumn":51,"endColumn":60}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java"},"region":{"startLine":26,"startColumn":30,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java"},"region":{"startLine":26,"startColumn":29,"endColumn":30}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java"},"region":{"startLine":49,"startColumn":35,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java"},"region":{"startLine":49,"startColumn":34,"endColumn":35}}}]},{"ruleId":"1089818565155602739 
(sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java"},"region":{"startLine":77,"startColumn":35,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java"},"region":{"startLine":77,"startColumn":34,"endColumn":35}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java"},"region":{"startLine":51,"startColumn":30,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java"},"region":{"startLine":51,"startColumn":29,"endColumn":30}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java"},"region":{"startLine":62,"startColumn":35,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java"},"region":{"startLine":62,"startColumn":34,"endColumn":35}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java"},"region":{"startLine":38,"startColumn":30,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/test/java/org/owasp/webgoat/users/UserValidatorTest.java"},"region":{"startLine":38,"startColumn":29,"endColumn":30}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded 
Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/test/java/org/owasp/webwolf/user/UserValidatorTest.java"},"region":{"startLine":73,"startColumn":13,"endColumn":21}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java"},"region":{"startLine":73,"startColumn":13,"endColumn":21}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/test/java/org/owasp/webwolf/user/UserServiceTest.java"},"region":{"startLine":51,"startColumn":13,"endColumn":21}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java"},"region":{"startLine":61,"startColumn":16,"endColumn":24}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/test/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignmentTest.java"},"region":{"startLine":93,"startColumn":16,"endColumn":24}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java"},"region":{"startLine":54,"startColumn":25,"endColumn":39}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded 
Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":62,"startColumn":33,"endColumn":45}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":61,"startColumn":32,"endColumn":40}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java"},"region":{"startLine":36,"startColumn":12,"endColumn":31}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java"},"region":{"startLine":35,"startColumn":12,"endColumn":24}}}]},{"ruleId":"1089818565155602739 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/SolutionConstants.java"},"region":{"startLine":34,"startColumn":12,"endColumn":20}}}]},{"ruleId":"9800224272094099502 (sast)","level":"note","message":{"text":"Unprotected Cookie"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/resources/js/handler.js"},"region":{"startLine":9,"startColumn":11,"endColumn":17}}}]},{"ruleId":"9884244256835554923 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java"},"region":{"startLine":64,"startColumn":84,"endColumn":91}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java"},"region":{"startLine":73,"startColumn":37,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java"},"region":{"startLine":73,"startColumn":12,"endColumn":13}}}]},{"ruleId":"9884244256835554923 (sast)","level":"note","message":{"text":"Log Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java"},"region":{"startLine":42,"startColumn":72,"endColumn":73}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java"},"region":{"startLine":42,"startColumn":22,"endColumn":23}}}]},{"ruleId":"9884244256835554923 (sast)","level":"note","message":{"text":"Log Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java"},"region":{"startLine":40,"startColumn":62,"endColumn":69}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java"},"region":{"startLine":42,"startColumn":51,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java"},"region":{"startLine":42,"startColumn":72,"endColumn":73}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/requests/LandingPage.java"},"region":{"startLine":42,"startColumn":22,"endColumn":23}}}]},{"ruleId":"9884244256835554923 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":49,"startColumn":66,"endColumn":75}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":50,"startColumn":59,"endColumn":68}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":50,"startColumn":39,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":50,"startColumn":16,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":51,"startColumn":19,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":51,"startColumn":18,"endColumn":19}}}]},{"ruleId":"9884244256835554923 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":49,"startColumn":116,"endColumn":120}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":50,"startColumn":70,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":50,"startColumn":39,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":50,"startColumn":16,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":51,"startColumn":19,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/java/org/owasp/webgoat/xxe/Ping.java"},"region":{"startLine":51,"startColumn":18,"endColumn":19}}}]},{"ruleId":"9884244256835554923 (sast)","level":"note","message":{"text":"Log Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java"},"region":{"startLine":50,"startColumn":38,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java"},"region":{"startLine":51,"startColumn":92,"endColumn":96}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java"},"region":{"startLine":51,"startColumn":91,"endColumn":92}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-server/src/main/java/org/owasp/webgoat/StartWebGoat.java"},"region":{"startLine":51,"startColumn":17,"endColumn":18}}}]},{"ruleId":"9884244256835554923 (sast)","level":"note","message":{"text":"Log 
Forging"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java"},"region":{"startLine":81,"startColumn":106,"endColumn":110}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java"},"region":{"startLine":85,"startColumn":68,"endColumn":72}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/service/LabelService.java"},"region":{"startLine":85,"startColumn":22,"endColumn":23}}}]},{"ruleId":"3455652598283285801 (sast)","level":"note","message":{"text":"Client Hardcoded Domain"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/resources/html/SpoofCookie.html"},"region":{"startLine":6,"startColumn":8,"endColumn":65}}}]},{"ruleId":"3455652598283285801 (sast)","level":"note","message":{"text":"Client Hardcoded Domain"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/vulnerable-components/src/main/resources/html/VulnerableComponents.html"},"region":{"startLine":5,"startColumn":50,"endColumn":107}}}]},{"ruleId":"3455652598283285801 (sast)","level":"note","message":{"text":"Client Hardcoded Domain"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/resources/templates/fragments/header.html"},"region":{"startLine":7,"startColumn":25,"endColumn":100}}}]},{"ruleId":"2783517675732844652 (sast)","level":"note","message":{"text":"Use Of Hardcoded 
Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/ssrf/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":62,"endColumn":104}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/ssrf/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":6,"endColumn":13}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/ssrf/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":229,"endColumn":236}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/ssrf/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":220,"endColumn":228}}}]},{"ruleId":"2783517675732844652 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":62,"endColumn":104}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":6,"endColumn":13}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":229,"endColumn":236}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":220,"endColumn":228}}}]},{"ruleId":"2783517675732844652 (sast)","level":"note","message":{"text":"Use Of Hardcoded 
Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-login/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":62,"endColumn":104}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-login/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":6,"endColumn":13}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-login/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":229,"endColumn":236}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-login/src/main/resources/js/credentials.js"},"region":{"startLine":5,"startColumn":220,"endColumn":228}}}]},{"ruleId":"12151859793050070545 (sast)","level":"note","message":{"text":"Client Use Of Iframe Without Sandbox"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1259,"startColumn":22,"endColumn":28}}}]},{"ruleId":"12151859793050070545 (sast)","level":"note","message":{"text":"Client Use Of Iframe Without Sandbox"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/toggle.js"},"region":{"startLine":10,"startColumn":8,"endColumn":14}}}]},{"ruleId":"12151859793050070545 (sast)","level":"note","message":{"text":"Client Use Of Iframe Without Sandbox"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js"},"region":{"startLine":2537,"startColumn":17,"endColumn":23}}}]},{"ruleId":"12151859793050070545 (sast)","level":"note","message":{"text":"Client Use Of Iframe Without 
Sandbox"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/plugins/bootstrap-wysihtml5/js/wysihtml5-0.3.0.js"},"region":{"startLine":5404,"startColumn":11,"endColumn":17}}}]},{"ruleId":"2783517675732844652 (sast)","level":"note","message":{"text":"Use Of Hardcoded Password"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-refresh.js"},"region":{"startLine":10,"startColumn":53,"endColumn":71}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-refresh.js"},"region":{"startLine":10,"startColumn":43,"endColumn":51}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/UserAndInfoView.js"},"region":{"startLine":38,"startColumn":90,"endColumn":96}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js"},"region":{"startLine":18,"startColumn":15,"endColumn":24}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js"},"region":{"startLine":32,"startColumn":15,"endColumn":24}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-buy.js"},"region":{"startLine":4,"startColumn":16,"endColumn":25}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client 
JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-buy.js"},"region":{"startLine":14,"startColumn":16,"endColumn":25}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/MenuView.js"},"region":{"startLine":69,"startColumn":26,"endColumn":30}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/MenuView.js"},"region":{"startLine":85,"startColumn":26,"endColumn":30}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":100,"startColumn":34,"endColumn":39}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/plugins/bootstrap-slider/js/bootstrap-slider.js"},"region":{"startLine":135,"startColumn":18,"endColumn":23}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/plugins/bootstrap-slider/js/bootstrap-slider.js"},"region":{"startLine":141,"startColumn":19,"endColumn":24}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated 
Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/plugins/bootstrap-slider/js/bootstrap-slider.js"},"region":{"startLine":142,"startColumn":19,"endColumn":24}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":81,"startColumn":54,"endColumn":58}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":402,"startColumn":95,"endColumn":100}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":406,"startColumn":80,"endColumn":85}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":406,"startColumn":169,"endColumn":174}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":73,"startColumn":110,"endColumn":115}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated 
Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":926,"startColumn":26,"endColumn":31}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":149,"startColumn":79,"endColumn":84}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":149,"startColumn":123,"endColumn":128}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":159,"startColumn":89,"endColumn":94}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":951,"startColumn":88,"endColumn":96}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":459,"startColumn":101,"endColumn":106}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated 
Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":606,"startColumn":22,"endColumn":27}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":102,"startColumn":258,"endColumn":263}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":102,"startColumn":302,"endColumn":307}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/plugins/bootstrap-slider/js/bootstrap-slider.js"},"region":{"startLine":221,"startColumn":18,"endColumn":23}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":480,"startColumn":92,"endColumn":97}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":109,"startColumn":160,"endColumn":165}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated 
Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":620,"startColumn":39,"endColumn":47}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":505,"startColumn":124,"endColumn":129}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":509,"startColumn":78,"endColumn":83}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":515,"startColumn":102,"endColumn":107}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":306,"startColumn":175,"endColumn":180}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/plugins/bootstrap-slider/js/bootstrap-slider.js"},"region":{"startLine":226,"startColumn":17,"endColumn":22}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated 
Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":321,"startColumn":183,"endColumn":188}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":539,"startColumn":70,"endColumn":75}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/plugins/bootstrap-wysihtml5/js/bootstrap3-wysihtml5.js"},"region":{"startLine":390,"startColumn":15,"endColumn":20}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":332,"startColumn":395,"endColumn":400}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":334,"startColumn":70,"endColumn":75}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":338,"startColumn":94,"endColumn":99}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated 
Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":352,"startColumn":150,"endColumn":155}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":1074,"startColumn":75,"endColumn":80}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":1074,"startColumn":140,"endColumn":145}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":1093,"startColumn":30,"endColumn":35}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/plugins/bootstrap-slider/js/bootstrap-slider.js"},"region":{"startLine":131,"startColumn":19,"endColumn":24}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":912,"startColumn":22,"endColumn":30}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated 
Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":912,"startColumn":45,"endColumn":49}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/plugins/bootstrap-slider/js/bootstrap-slider.js"},"region":{"startLine":220,"startColumn":19,"endColumn":24}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":707,"startColumn":111,"endColumn":116}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":707,"startColumn":176,"endColumn":181}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/plugins/bootstrap-slider/js/bootstrap-slider.js"},"region":{"startLine":225,"startColumn":19,"endColumn":24}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":718,"startColumn":22,"endColumn":27}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated 
Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":329,"startColumn":112,"endColumn":117}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/bootstrap.min.js"},"region":{"startLine":211,"startColumn":104,"endColumn":109}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":612,"startColumn":89,"endColumn":94}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":616,"startColumn":88,"endColumn":93}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/bootstrap.min.js"},"region":{"startLine":617,"startColumn":92,"endColumn":97}}}]},{"ruleId":"3339566533927886347 (sast)","level":"note","message":{"text":"Client JQuery Deprecated Symbols"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/MenuView.js"},"region":{"startLine":54,"startColumn":21,"endColumn":25}}}]},{"ruleId":"aa93e17f-b6db-4162-9334-c70334e7ac28 [Taken from query_id] (kics)","level":"note","message":{"text":"Chown Flag 
Exists"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":16,"startColumn":1,"endColumn":2}}}]},{"ruleId":"aa93e17f-b6db-4162-9334-c70334e7ac28 [Taken from query_id] (kics)","level":"note","message":{"text":"Chown Flag Exists"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":15,"startColumn":1,"endColumn":2}}}]},{"ruleId":"b03a748a-542d-44f4-bb86-9199ab4fd2d5 [Taken from query_id] (kics)","level":"note","message":{"text":"Healthcheck Instruction Missing"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":1,"startColumn":1,"endColumn":2}}}]},{"ruleId":"b03a748a-542d-44f4-bb86-9199ab4fd2d5 [Taken from query_id] (kics)","level":"note","message":{"text":"Healthcheck Instruction Missing"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/Dockerfile"},"region":{"startLine":1,"startColumn":1,"endColumn":2}}}]},{"ruleId":"b03a748a-542d-44f4-bb86-9199ab4fd2d5 [Taken from query_id] (kics)","level":"note","message":{"text":"Healthcheck Instruction Missing"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-server/Dockerfile"},"region":{"startLine":1,"startColumn":1,"endColumn":2}}}]},{"ruleId":"0008c003-79aa-42d8-95b8-1c2fe37dbfe6 [Taken from query_id] (kics)","level":"note","message":{"text":"Multiple RUN, ADD, COPY, Instructions Listed"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":6,"startColumn":1,"endColumn":2}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open 
Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1188,"startColumn":36,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1188,"startColumn":18,"endColumn":26}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1340,"startColumn":39,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1354,"startColumn":31,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1356,"startColumn":25,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1356,"startColumn":27,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1356,"startColumn":32,"endColumn":39}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open 
Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1347,"startColumn":40,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1354,"startColumn":31,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1356,"startColumn":25,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1356,"startColumn":27,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1356,"startColumn":32,"endColumn":39}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1340,"startColumn":39,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1354,"startColumn":31,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1356,"startColumn":25,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1357,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1357,"startColumn":19,"endColumn":26}}}]},{"ruleId":"11100132039797172543 
(sast)","level":"note","message":{"text":"Client DOM Open Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1347,"startColumn":40,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1354,"startColumn":31,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1356,"startColumn":25,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1357,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1357,"startColumn":19,"endColumn":26}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open 
Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1215,"startColumn":47,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1215,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1216,"startColumn":24,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1227,"startColumn":30,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1227,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":22,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1327,"startColumn":22,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1327,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1329,"startColumn":29,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":17,"endColumn":18
}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":19,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1340,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1354,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1357,"startColumn":37,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1357,"startColumn":19,"endColumn":26}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open 
Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":55,"endColumn":63}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1207,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":30,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":32,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":20,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":26,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":84,"endColumn":89}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":55,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":30,"endColumn":37
}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":22,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1327,"startColumn":22,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1327,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1329,"startColumn":29,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":19,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1340,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1354,"startColumn":34,"endColumn":35}}},{"physicalLocati
on":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1357,"startColumn":37,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1357,"startColumn":19,"endColumn":26}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":40,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":59,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1212,"startColumn":24,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":71,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1207,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":30,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":32,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/
backbone-min.js"},"region":{"startLine":1208,"startColumn":20,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":26,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":84,"endColumn":89}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":55,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":30,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":22,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1327,"startColumn":22,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"r
egion":{"startLine":1327,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1329,"startColumn":29,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":19,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1340,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1354,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1357,"startColumn":37,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1357,"startColumn":19,"endColumn":26}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open 
Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1215,"startColumn":47,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1215,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1216,"startColumn":24,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1227,"startColumn":30,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1227,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":22,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1245,"startColumn":34,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1245,"startColumn":18,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1267,"startColumn":46,"endColumn":54}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1267,"startColumn":28,"endColumn":32
}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":55,"endColumn":63}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1207,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":30,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":32,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":20,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":26,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":84,"endColumn":89}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":55,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resou
rces/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":30,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":22,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1245,"startColumn":34,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1245,"startColumn":18,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1267,"startColumn":46,"endColumn":54}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1267,"startColumn":28,"endColumn":32}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open 
Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":40,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":59,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1212,"startColumn":24,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":71,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1207,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":30,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":32,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":20,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":26,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":84,"endColumn":89
}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":55,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":30,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":22,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1245,"startColumn":34,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1245,"startColumn":18,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1267,"startColumn":46,"endColumn":54}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1267,"startColumn":28,"endColumn":32}}}]},{"ruleId":"111
00132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":55,"endColumn":63}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1207,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":30,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":32,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":20,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":26,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":84,"endColumn":89}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":55,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/
backbone-min.js"},"region":{"startLine":1250,"startColumn":58,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1250,"startColumn":35,"endColumn":42}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":40,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":59,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1212,"startColumn":24,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":71,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1207,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":30,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":32,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":20,"endColumn":29}}},{"ph
ysicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":26,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":84,"endColumn":89}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":55,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1250,"startColumn":58,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1250,"startColumn":35,"endColumn":42}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open 
Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1215,"startColumn":47,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1215,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1216,"startColumn":24,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1227,"startColumn":30,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1227,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":22,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1327,"startColumn":22,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1327,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1329,"startColumn":29,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":17,"endColumn":18
}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":19,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1340,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1354,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1359,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1359,"startColumn":19,"endColumn":23}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open 
Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":55,"endColumn":63}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1207,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":30,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":32,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":20,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":26,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":84,"endColumn":89}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":55,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":30,"endColumn":37
}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":22,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1327,"startColumn":22,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1327,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1329,"startColumn":29,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":19,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1340,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1354,"startColumn":34,"endColumn":35}}},{"physicalLocati
on":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1359,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1359,"startColumn":19,"endColumn":23}}}]},{"ruleId":"15434822379289186737 (sast)","level":"note","message":{"text":"Use of Broken or Risky Cryptographic Algorithm"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":56,"startColumn":51,"endColumn":52}}}]},{"ruleId":"17155209939029667221 (sast)","level":"note","message":{"text":"Unsafe Use Of Target blank"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/webwolf-introduction/src/main/resources/html/WebWolfIntroduction.html"},"region":{"startLine":73,"startColumn":9,"endColumn":75}}}]},{"ruleId":"11100132039797172543 (sast)","level":"note","message":{"text":"Client DOM Open 
Redirect"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":40,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":59,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1211,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1212,"startColumn":24,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":71,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1207,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":30,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":32,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1208,"startColumn":20,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":26,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":84,"endColumn":89
}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1219,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1220,"startColumn":55,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":30,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1225,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":20,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1230,"startColumn":22,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1327,"startColumn":22,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1327,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1329,"startColumn":29,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":17,"endColumn":18}}},{"physicalLocati
on":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":19,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1333,"startColumn":13,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1340,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1354,"startColumn":34,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1359,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1359,"startColumn":19,"endColumn":23}}}]},{"ruleId":"8423996506624030647 (sast)","level":"note","message":{"text":"Heap Inspection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":28,"startColumn":20,"endColumn":28}}}]},{"ruleId":"aa93e17f-b6db-4162-9334-c70334e7ac28 [Taken from query_id] (kics)","level":"note","message":{"text":"Chown Flag Exists"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":14,"startColumn":1,"endColumn":2}}}]},{"ruleId":"8423996506624030647 (sast)","level":"note","message":{"text":"Heap Inspection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":52,"startColumn":11,"endColumn":19}}}]},{"ruleId":"8423996506624030647 
(sast)","level":"note","message":{"text":"Heap Inspection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":72,"startColumn":16,"endColumn":24}}}]},{"ruleId":"8423996506624030647 (sast)","level":"note","message":{"text":"Heap Inspection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/password-reset/src/main/java/org/owasp/webgoat/password_reset/ResetLinkAssignment.java"},"region":{"startLine":74,"startColumn":20,"endColumn":31}}}]},{"ruleId":"8423996506624030647 (sast)","level":"note","message":{"text":"Heap Inspection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java"},"region":{"startLine":90,"startColumn":16,"endColumn":28}}}]},{"ruleId":"8423996506624030647 (sast)","level":"note","message":{"text":"Heap Inspection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6b.java"},"region":{"startLine":61,"startColumn":16,"endColumn":24}}}]},{"ruleId":"77783205-c4ca-4f80-bb80-c777f267c547 [Taken from query_id] (kics)","level":"warning","message":{"text":"APT-GET Missing '-y' To Avoid Manual Input"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-server/Dockerfile"},"region":{"startLine":5,"startColumn":1,"endColumn":2}}}]},{"ruleId":"965a08d7-ef86-4f14-8792-4a3b2098937e [Taken from query_id] (kics)","level":"warning","message":{"text":"Apt Get Install Pin Version Not Defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":8,"startColumn":1,"endColumn":2}}}]},{"ruleId":"965a08d7-ef86-4f14-8792-4a3b2098937e [Taken from query_id] (kics)","level":"warning","message":{"text":"Apt Get Install Pin Version Not 
Defined"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":8,"startColumn":1,"endColumn":2}}}]},{"ruleId":"b86987e1-6397-4619-81d5-8807f2387c79 [Taken from query_id] (kics)","level":"warning","message":{"text":"Not Using JSON In CMD And ENTRYPOINT Arguments"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":22,"startColumn":1,"endColumn":2}}}]},{"ruleId":"f4a6bcd3-e231-4acf-993c-aa027be50d2e [Taken from query_id] (kics)","level":"warning","message":{"text":"RUN Instruction Using 'cd' Instead of WORKDIR"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-server/Dockerfile"},"region":{"startLine":10,"startColumn":1,"endColumn":2}}}]},{"ruleId":"9bae49be-0aa3-4de5-bab2-4c3a069e40cd [Taken from query_id] (kics)","level":"warning","message":{"text":"Update Instruction Alone"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"docker/Dockerfile"},"region":{"startLine":6,"startColumn":1,"endColumn":2}}}]},{"ruleId":"4635938147065118004 (sast)","level":"warning","message":{"text":"Absolute Path Traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":".mvn/wrapper/MavenWrapperDownloader.java"},"region":{"startLine":48,"startColumn":36,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":".mvn/wrapper/MavenWrapperDownloader.java"},"region":{"startLine":50,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":".mvn/wrapper/MavenWrapperDownloader.java"},"region":{"startLine":50,"startColumn":30,"endColumn":33}}}]},{"ruleId":"4635938147065118004 (sast)","level":"warning","message":{"text":"Absolute Path 
Traversal"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java"},"region":{"startLine":48,"startColumn":38,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java"},"region":{"startLine":52,"startColumn":35,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java"},"region":{"startLine":52,"startColumn":25,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java"},"region":{"startLine":54,"startColumn":67,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge7/MD5.java"},"region":{"startLine":54,"startColumn":58,"endColumn":61}}}]},{"ruleId":"5872693300309307288 (sast)","level":"warning","message":{"text":"Cleartext Submission of Sensitive 
Information"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":103,"startColumn":73,"endColumn":85}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":103,"startColumn":30,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":104,"startColumn":29,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":101,"startColumn":20,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":105,"startColumn":56,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":105,"startColumn":29,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":105,"startColumn":20,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":106,"startColumn":32,"endColumn":38}}}]},{"ruleId":"15287255134376319324 
(sast)","level":"warning","message":{"text":"HttpOnlyCookies"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":110,"startColumn":20,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":111,"startColumn":32,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":111,"startColumn":31,"endColumn":32}}}]},{"ruleId":"15287255134376319324 (sast)","level":"warning","message":{"text":"HttpOnlyCookies"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java"},"region":{"startLine":79,"startColumn":16,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java"},"region":{"startLine":80,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java"},"region":{"startLine":81,"startColumn":28,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java"},"region":{"startLine":81,"startColumn":27,"endColumn":28}}}]},{"ruleId":"15287255134376319324 
(sast)","level":"warning","message":{"text":"HttpOnlyCookies"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":105,"startColumn":20,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":106,"startColumn":32,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":106,"startColumn":31,"endColumn":32}}}]},{"ruleId":"15287255134376319324 (sast)","level":"warning","message":{"text":"HttpOnlyCookies"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java"},"region":{"startLine":93,"startColumn":20,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java"},"region":{"startLine":94,"startColumn":13,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java"},"region":{"startLine":95,"startColumn":13,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java"},"region":{"startLine":96,"startColumn":32,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/spoof-cookie/src/main/java/org/owasp/webgoat/spoofcookie/SpoofCookieAssignment.java"},"region":{"startLine":96,"startColumn":31,"endColumn":32}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/ace.js"},"region":{"startLine":21469,"startColumn":31,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/ace.js"},"region":{"startLine":21469,"startColumn":36,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/ace.js"},"region":{"startLine":21469,"startColumn":8,"endColumn":17}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js"},"region":{"startLine":9,"startColumn":29,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js"},"region":{"startLine":9,"startColumn":13,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js"},"region":{"startLine":11,"startColumn":17,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js"},"region":{"startLine":11,"startColumn":15,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFilteringFree.js"},"region":{"startLine":11,"startColumn":9,"endColumn":10}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":39,"startColumn":64,"endColumn":68}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":39,"startColumn":35,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":39,"startColumn":17,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":40,"startColumn":35,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":40,"startColumn":28,"endColumn":34}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":77,"startColumn":60,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":77,"startColumn":31,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":77,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":78,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":78,"startColumn":22,"endColumn":28}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":39,"startColumn":64,"endColumn":68}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":39,"startColumn":35,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":39,"startColumn":17,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":40,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":40,"startColumn":35,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":40,"startColumn":17,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":41,"startColumn":35,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":41,"startColumn":28,"endColumn":34}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":105,"startColumn":42,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":105,"startColumn":21,"endColumn":28}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":111,"startColumn":26,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":111,"startColumn":21,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":110,"startColumn":19,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":117,"startColumn":35,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":118,"startColumn":44,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":123,"startColumn":42,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":124,"startColumn":37,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":124,"startColumn":42,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-conta
iner/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":176,"startColumn":39,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":177,"startColumn":52,"endColumn":60}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":169,"startColumn":46,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":24,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":28,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":177,"startColumn":30,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":177,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":178,"startColumn":51,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":178,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":178,"startColumn":54,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{
"startLine":178,"startColumn":35,"endColumn":39}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":105,"startColumn":42,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":105,"startColumn":21,"endColumn":28}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":111,"startColumn":26,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":111,"startColumn":21,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":110,"startColumn":19,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":117,"startColumn":35,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":118,"startColumn":44,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":123,"startColumn":42,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":125,"startColumn":35,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view
/LessonContentView.js"},"region":{"startLine":125,"startColumn":40,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":183,"startColumn":37,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":184,"startColumn":52,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":169,"startColumn":46,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":24,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":28,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":184,"startColumn":30,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":184,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":47,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":52,"endColumn":5
4}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":33,"endColumn":37}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":106,"startColumn":45,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":106,"startColumn":21,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":113,"startColumn":29,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":113,"startColumn":21,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":110,"startColumn":19,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":117,"startColumn":35,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":118,"startColumn":44,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":123,"startColumn":42,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":
124,"startColumn":37,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":124,"startColumn":42,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":176,"startColumn":39,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":177,"startColumn":52,"endColumn":60}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":169,"startColumn":46,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":24,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":28,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":177,"startColumn":30,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":177,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":178,"startColumn":51,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":178,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{
"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":178,"startColumn":54,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":178,"startColumn":35,"endColumn":39}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":106,"startColumn":45,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":106,"startColumn":21,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":113,"startColumn":29,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":113,"startColumn":21,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":110,"startColumn":19,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":117,"startColumn":35,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":118,"startColumn":44,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":123,"startColumn":42,"endColumn":46}}},{"physi
calLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":125,"startColumn":35,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":125,"startColumn":40,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":183,"startColumn":37,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":184,"startColumn":52,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":169,"startColumn":46,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":24,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":28,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":184,"startColumn":30,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":184,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/st
atic/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":47,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":52,"endColumn":54}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":33,"endColumn":37}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":107,"startColumn":81,"endColumn":85}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":107,"startColumn":21,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":115,"startColumn":78,"endColumn":89}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":115,"startColumn":21,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":110,"startColumn":19,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":117,"startColumn":35,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":118,"startColumn":44,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgo
at-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":123,"startColumn":42,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":124,"startColumn":37,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":124,"startColumn":42,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":176,"startColumn":39,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":177,"startColumn":52,"endColumn":60}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":169,"startColumn":46,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":24,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":28,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":177,"startColumn":30,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":177,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"r
egion":{"startLine":178,"startColumn":51,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":178,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":178,"startColumn":54,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":178,"startColumn":35,"endColumn":39}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":107,"startColumn":81,"endColumn":85}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":107,"startColumn":21,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":115,"startColumn":78,"endColumn":89}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":115,"startColumn":21,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":110,"startColumn":19,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":117,"startColumn":35,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goat
App/view/LessonContentView.js"},"region":{"startLine":118,"startColumn":44,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":123,"startColumn":42,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":125,"startColumn":35,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":125,"startColumn":40,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":183,"startColumn":37,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":184,"startColumn":52,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":169,"startColumn":46,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":24,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":173,"startColumn":28,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":184,"startColumn":30,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":184,"startColumn":21,"endC
olumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":47,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":52,"endColumn":54}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/view/LessonContentView.js"},"region":{"startLine":185,"startColumn":33,"endColumn":37}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":69,"startColumn":49,"endColumn":52}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":24,"startColumn":54,"endColumn":57}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":8,"startColumn":48,"endColumn":51}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":41,"startColumn":63,"endColumn":66}}}]},{"ruleId":"7567754570932744334 
(sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":7,"startColumn":42,"endColumn":45}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":40,"startColumn":57,"endColumn":60}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":68,"startColumn":55,"endColumn":58}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":23,"startColumn":48,"endColumn":51}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":22,"startColumn":54,"endColumn":57}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":6,"startColumn":48,"endColumn":51}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":39,"startColumn":63,"endColumn":66}}}]},{"ruleId":"7567754570932744334 (sast)","level":"warning","message":{"text":"Client Potential XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/path-traversal/src/main/resources/js/path_traversal.js"},"region":{"startLine":70,"startColumn":55,"endColumn":58}}}]},{"ruleId":"7096281910242735216 (sast)","level":"warning","message":{"text":"Parameter Tampering"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java"},"region":{"startLine":92,"startColumn":63,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java"},"region":{"startLine":92,"startColumn":38,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java"},"region":{"startLine":94,"startColumn":128,"endColumn":131}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java"},"region":{"startLine":94,"startColumn":85,"endColumn":86}}}]},{"ruleId":"7096281910242735216 (sast)","level":"warning","message":{"text":"Parameter 
Tampering"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":52,"startColumn":56,"endColumn":69}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":53,"startColumn":44,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":56,"startColumn":63,"endColumn":69}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":58,"startColumn":74,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":58,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":63,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":63,"startColumn":59,"endColumn":60}}}]},{"ruleId":"13865268488594355872 (sast)","level":"warning","message":{"text":"JWT Sensitive Information 
Exposure"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":70,"startColumn":32,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java"},"region":{"startLine":187,"startColumn":90,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java"},"region":{"startLine":187,"startColumn":47,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java"},"region":{"startLine":187,"startColumn":113,"endColumn":114}}}]},{"ruleId":"13865268488594355872 (sast)","level":"warning","message":{"text":"JWT Sensitive Information Exposure"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTVotesEndpoint.java"},"region":{"startLine":70,"startColumn":32,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java"},"region":{"startLine":199,"startColumn":90,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java"},"region":{"startLine":199,"startColumn":47,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/test/java/org/owasp/webgoat/jwt/JWTVotesEndpointTest.java"},"region":{"startLine":199,"startColumn":113,"endColumn":114}}}]},{"ruleId":"13865268488594355872 (sast)","level":"warning","message":{"text":"JWT Sensitive Information 
Exposure"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":62,"startColumn":33,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":129,"startColumn":67,"endColumn":79}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":129,"startColumn":66,"endColumn":67}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":129,"startColumn":86,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":129,"startColumn":33,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":130,"startColumn":29,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":130,"startColumn":40,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":130,"startColumn":46,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":130,"startColumn":13,"endColumn":17}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":141,"startColumn":39,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt
/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":80,"startColumn":56,"endColumn":60}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":83,"startColumn":28,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":83,"startColumn":19,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":83,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":86,"startColumn":28,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTRefreshEndpoint.java"},"region":{"startLine":86,"startColumn":27,"endColumn":28}}}]},{"ruleId":"9214120936485315712 (sast)","level":"warning","message":{"text":"Session Fixation"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java"},"region":{"startLine":67,"startColumn":33,"endColumn":34}}}]},{"ruleId":"12956636075206043460 (sast)","level":"warning","message":{"text":"Privacy Violation"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":81,"startColumn":38,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":56,"startColumn":40,"endColumn":41}}}]},{"ruleId":"12956636075206043460 
(sast)","level":"warning","message":{"text":"Privacy Violation"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":50,"startColumn":40,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":50,"startColumn":21,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":50,"startColumn":14,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":34,"startColumn":13,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":36,"startColumn":16,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java"},"region":{"startLine":87,"startColumn":50,"endColumn":51}}}]},{"ruleId":"12956636075206043460 (sast)","level":"warning","message":{"text":"Privacy 
Violation"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":61,"startColumn":118,"endColumn":128}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":64,"startColumn":56,"endColumn":66}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":41,"startColumn":60,"endColumn":68}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":76,"endColumn":84}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":75,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":94,"endColumn":95}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":47,"endColumn":48}}}]},{"ruleId":"12956636075206043460 (sast)","level":"warning","message":{"text":"Privacy 
Violation"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":41,"startColumn":60,"endColumn":68}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":76,"endColumn":84}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":75,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":94,"endColumn":95}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":42,"startColumn":47,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":53,"startColumn":28,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":53,"startColumn":4,"endColumn":13}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":56,"startColumn":41,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":56,"startColumn":40,"endColumn":41}}}]},{"ruleId":"12956636075206043460 (sast)","level":"warning","message":{"text":"Privacy 
Violation"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":43,"startColumn":56,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":48,"startColumn":44,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":48,"startColumn":43,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":48,"startColumn":18,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":52,"startColumn":94,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":53,"startColumn":90,"endColumn":98}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":54,"startColumn":13,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":61,"startColumn":81,"endColumn":89}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":61,"startColum
n":109,"endColumn":110}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":61,"startColumn":144,"endColumn":145}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":80,"startColumn":45,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":91,"startColumn":21,"endColumn":28}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":91,"startColumn":14,"endColumn":17}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":93,"startColumn":99,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":93,"startColumn":103,"endColumn":104}}}]},{"ruleId":"12956636075206043460 (sast)","level":"warning","message":{"text":"Privacy 
Violation"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":43,"startColumn":56,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":48,"startColumn":44,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":48,"startColumn":43,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":48,"startColumn":18,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":52,"startColumn":94,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":52,"startColumn":113,"endColumn":114}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":52,"startColumn":93,"endColumn":94}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":52,"startColumn":22,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":52,"startCol
umn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":53,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":55,"startColumn":13,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":61,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":71,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":72,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":75,"startColumn":76,"endColumn":82}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":75,"startColumn":91,"endColumn":92}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":72,"startColumn":50,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":27,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri
":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":18,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":74,"startColumn":20,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":75,"startColumn":75,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":136,"endColumn":142}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":83,"startColumn":37,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":84,"startColumn":33,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":84,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":135,"endColumn":136}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":108,"startColumn":74,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":52,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult
.java"},"region":{"startLine":111,"startColumn":51,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":14,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":20,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":75,"startColumn":100,"endColumn":101}}}]},{"ruleId":"12956636075206043460 (sast)","level":"warning","message":{"text":"Privacy Violation"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":43,"startColumn":56,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":48,"startColumn":44,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":48,"startColumn":43,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":48,"startColumn":18,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":52,"startColumn":94,"endColumn":102}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owas
p/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":52,"startColumn":113,"endColumn":114}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":52,"startColumn":93,"endColumn":94}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":52,"startColumn":22,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":52,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":53,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":55,"startColumn":13,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":61,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":71,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":72,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/web
goat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":77,"startColumn":74,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":77,"startColumn":89,"endColumn":90}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":72,"startColumn":50,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":27,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":18,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":74,"startColumn":20,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":77,"startColumn":73,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":136,"endColumn":142}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":83,"startColumn":37,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":84,"startColumn":33,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.ja
va"},"region":{"startLine":84,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":135,"endColumn":136}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":108,"startColumn":74,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":52,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":51,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":14,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":20,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/secure-passwords/src/main/java/org/owasp/webgoat/secure_password/SecurePasswordsAssignment.java"},"region":{"startLine":77,"startColumn":98,"endColumn":99}}}]},{"ruleId":"15179929566605030594 
(sast)","level":"warning","message":{"text":"SSRF"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java"},"region":{"startLine":46,"startColumn":56,"endColumn":59}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java"},"region":{"startLine":47,"startColumn":24,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java"},"region":{"startLine":50,"startColumn":43,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java"},"region":{"startLine":51,"startColumn":13,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java"},"region":{"startLine":53,"startColumn":43,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java"},"region":{"startLine":53,"startColumn":35,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/ssrf/src/main/java/org/owasp/webgoat/ssrf/SSRFTask2.java"},"region":{"startLine":53,"startColumn":58,"endColumn":59}}}]},{"ruleId":"2301179517126599776 (sast)","level":"warning","message":{"text":"Use of a One Way Hash with a Predictable 
Salt"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java"},"region":{"startLine":65,"startColumn":25,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java"},"region":{"startLine":65,"startColumn":16,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java"},"region":{"startLine":67,"startColumn":33,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java"},"region":{"startLine":67,"startColumn":48,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/DisplayUser.java"},"region":{"startLine":67,"startColumn":32,"endColumn":33}}}]},{"ruleId":"18167789603095321044 (sast)","level":"warning","message":{"text":"Unsafe Object 
Binding"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":36,"startColumn":76,"endColumn":84}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":42,"startColumn":53,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":42,"startColumn":29,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":42,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":39,"startColumn":32,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":45,"startColumn":56,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java"},"region":{"startLine":60,"startColumn":37,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java"},"region":{"startLine":61,"startColumn":21,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java"},"region":{"startLine":61,"startColumn":14,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":45,"startColumn":40,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users
/UserService.java"},"region":{"startLine":45,"startColumn":39,"endColumn":40}}}]},{"ruleId":"18167789603095321044 (sast)","level":"warning","message":{"text":"Unsafe Object Binding"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java"},"region":{"startLine":84,"startColumn":57,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java"},"region":{"startLine":86,"startColumn":55,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java"},"region":{"startLine":86,"startColumn":33,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":62,"startColumn":21,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java"},"region":{"startLine":86,"startColumn":52,"endColumn":53}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":39,"startColumn":32,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":45,"startColumn":56,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java"},"region":{"startLine":60,"startColumn":37,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java"},"region":{"startLine":61,"startColumn":21,"endColumn":25}}},{"physicalLocation":{
"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java"},"region":{"startLine":61,"startColumn":14,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":45,"startColumn":40,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":45,"startColumn":39,"endColumn":40}}}]},{"ruleId":"18167789603095321044 (sast)","level":"warning","message":{"text":"Unsafe Object Binding"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/user/RegistrationController.java"},"region":{"startLine":58,"startColumn":76,"endColumn":84}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/user/RegistrationController.java"},"region":{"startLine":64,"startColumn":53,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/user/RegistrationController.java"},"region":{"startLine":64,"startColumn":73,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/user/UserService.java"},"region":{"startLine":56,"startColumn":61,"endColumn":69}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/user/UserService.java"},"region":{"startLine":57,"startColumn":55,"endColumn":63}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java"},"region":{"startLine":58,"startColumn":48,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java"},"region":{"startLine":60,"startColumn":25,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java"},"region
":{"startLine":60,"startColumn":14,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/user/UserService.java"},"region":{"startLine":57,"startColumn":29,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/user/UserService.java"},"region":{"startLine":57,"startColumn":28,"endColumn":29}}}]},{"ruleId":"18167789603095321044 (sast)","level":"warning","message":{"text":"Unsafe Object Binding"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":36,"startColumn":76,"endColumn":84}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":42,"startColumn":53,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":42,"startColumn":73,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":39,"startColumn":49,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":73,"endColumn":81}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":36,"startColumn":48,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":38,"startColumn":25,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":38,"startColumn":14,"endColu
mn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":47,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":46,"endColumn":47}}}]},{"ruleId":"18167789603095321044 (sast)","level":"warning","message":{"text":"Unsafe Object Binding"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java"},"region":{"startLine":84,"startColumn":57,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java"},"region":{"startLine":86,"startColumn":55,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":66,"startColumn":21,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java"},"region":{"startLine":86,"startColumn":74,"endColumn":75}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":39,"startColumn":49,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":73,"endColumn":81}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":36,"startColumn":48,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"r
egion":{"startLine":38,"startColumn":25,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":38,"startColumn":14,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":47,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":46,"endColumn":47}}}]},{"ruleId":"18167789603095321044 (sast)","level":"warning","message":{"text":"Unsafe Object Binding"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxController.java"},"region":{"startLine":64,"startColumn":69,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxController.java"},"region":{"startLine":65,"startColumn":19,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxController.java"},"region":{"startLine":66,"startColumn":36,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxController.java"},"region":{"startLine":66,"startColumn":35,"endColumn":36}}}]},{"ruleId":"77783205-c4ca-4f80-bb80-c777f267c547 [Taken from query_id] (kics)","level":"warning","message":{"text":"APT-GET Missing '-y' To Avoid Manual Input"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webwolf/Dockerfile"},"region":{"startLine":5,"startColumn":1,"endColumn":2}}}]},{"ruleId":"1779421333800271656 (sast)","level":"error","message":{"text":"Client DOM Stored 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/challenge8.js"},"region":{"startLine":7,"startColumn":43,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/challenge8.js"},"region":{"startLine":18,"startColumn":42,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/challenge8.js"},"region":{"startLine":18,"startColumn":37,"endColumn":41}}}]},{"ruleId":"1779421333800271656 (sast)","level":"error","message":{"text":"Client DOM Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js"},"region":{"startLine":43,"startColumn":73,"endColumn":79}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js"},"region":{"startLine":56,"startColumn":52,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js"},"region":{"startLine":56,"startColumn":62,"endColumn":73}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js"},"region":{"startLine":56,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js"},"region":{"startLine":56,"startColumn":13,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js"},"region":{"startLine":57,"startColumn":34,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/resources/js/assignment13.js"},"region":{"startLine":57,"startColumn":27,"endColumn":33}}}]},{"ruleId":"1779421333800271656 (sast)","level":"error","message":{"text":"Client DOM Stored 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/challenge8.js"},"region":{"startLine":46,"startColumn":50,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/challenge8.js"},"region":{"startLine":52,"startColumn":34,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/challenge8.js"},"region":{"startLine":52,"startColumn":42,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/resources/js/challenge8.js"},"region":{"startLine":52,"startColumn":29,"endColumn":33}}}]},{"ruleId":"1779421333800271656 (sast)","level":"error","message":{"text":"Client DOM Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/support/GoatUtils.js"},"region":{"startLine":56,"startColumn":69,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/support/GoatUtils.js"},"region":{"startLine":57,"startColumn":51,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/goatApp/support/GoatUtils.js"},"region":{"startLine":57,"startColumn":46,"endColumn":50}}}]},{"ruleId":"1779421333800271656 (sast)","level":"error","message":{"text":"Client DOM Stored 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":35,"startColumn":40,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":40,"startColumn":52,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":40,"startColumn":62,"endColumn":67}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":40,"startColumn":35,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":40,"startColumn":17,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":41,"startColumn":35,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/csrf/src/main/resources/js/csrf-review.js"},"region":{"startLine":41,"startColumn":28,"endColumn":34}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":53,"startColumn":56,"endColumn":63}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":54,"startColumn":32,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":57,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":60,"startColumn":93,"endColumn":104}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":60,"startColumn":13,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":62,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":62,"startColumn":59,"endColumn":60}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":51,"startColumn":56,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":52,"startColumn":32,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":56,"startColumn":48,"endColumn":59}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":60,"startColumn":69,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":60,"startColumn":13,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":67,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":67,"startColumn":59,"endColumn":60}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":53,"startColumn":86,"endColumn":94}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":54,"startColumn":48,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":57,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":60,"startColumn":93,"endColumn":104}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":60,"startColumn":13,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":62,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":62,"startColumn":59,"endColumn":60}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":53,"startColumn":117,"endColumn":126}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":54,"startColumn":65,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":57,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":60,"startColumn":93,"endColumn":104}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":60,"startColumn":13,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":62,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":62,"startColumn":59,"endColumn":60}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java"},"region":{"startLine":84,"startColumn":57,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java"},"region":{"startLine":86,"startColumn":55,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":66,"startColumn":21,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/MissingFunctionACUsers.java"},"region":{"startLine":86,"startColumn":74,"endColumn":75}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":39,"startColumn":49,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":73,"endColumn":81}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":36,"startColumn":48,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":38,"startColumn":25,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":38,"startColumn":14,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":47,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"u
ri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":46,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":13,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":46,"startColumn":34,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":50,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":62,"startColumn":21,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":74,"endColumn":75}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":29,"endColumn":30}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java"},"region":{"startLine":56,"startColumn":56,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java"},"region":{"startLine":57,"startColumn":32,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java"},"region":{"startLine":60,"startColumn":51,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java"},"region":{"startLine":65,"startColumn":41,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java"},"region":{"startLine":65,"startColumn":40,"endColumn":41}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":42,"startColumn":73,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":39,"startColumn":49,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":73,"endColumn":81}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":36,"startColumn":48,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":38,"startColumn":25,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":38,"startColumn":14,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":47,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":46,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":13,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":46,"startColumn":34,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"
startLine":50,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":62,"startColumn":21,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":74,"endColumn":75}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":29,"endColumn":30}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java"},"region":{"startLine":48,"startColumn":89,"endColumn":95}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java"},"region":{"startLine":49,"startColumn":13,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidation.java"},"region":{"startLine":52,"startColumn":62,"endColumn":68}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":56,"startColumn":48,"endColumn":59}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":60,"startColumn":69,"endColumn":80
}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":60,"startColumn":13,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":67,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":67,"startColumn":59,"endColumn":60}}}]},{"ruleId":"8481125285487743346 (sast)","level":"error","message":{"text":"Reflected XSS All Clients"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":49,"startColumn":45,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":51,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":51,"startColumn":47,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":51,"startColumn":62,"endColumn":63}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":51,"startColumn":10,"endColumn":17}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":64,"startColumn":10,"endColumn":17}}}]},{"ruleId":"8481125285487743346 
(sast)","level":"error","message":{"text":"Reflected XSS All Clients"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java"},"region":{"startLine":50,"startColumn":52,"endColumn":59}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java"},"region":{"startLine":52,"startColumn":32,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java"},"region":{"startLine":52,"startColumn":50,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java"},"region":{"startLine":52,"startColumn":65,"endColumn":66}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java"},"region":{"startLine":52,"startColumn":10,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/SigningAssignment.java"},"region":{"startLine":59,"startColumn":10,"endColumn":20}}}]},{"ruleId":"8481125285487743346 (sast)","level":"error","message":{"text":"Reflected XSS All 
Clients"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":69,"startColumn":48,"endColumn":55}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":71,"startColumn":28,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":71,"startColumn":46,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":71,"startColumn":61,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":71,"startColumn":10,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/HashingAssignment.java"},"region":{"startLine":78,"startColumn":10,"endColumn":16}}}]},{"ruleId":"8481125285487743346 (sast)","level":"error","message":{"text":"Reflected XSS All 
Clients"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":47,"startColumn":51,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":49,"startColumn":31,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":49,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":49,"startColumn":64,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":49,"startColumn":10,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":56,"startColumn":41,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/crypto/src/main/java/org/owasp/webgoat/crypto/EncodingAssignment.java"},"region":{"startLine":56,"startColumn":40,"endColumn":41}}}]},{"ruleId":"8481125285487743346 (sast)","level":"error","message":{"text":"Reflected XSS All 
Clients"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":45,"startColumn":99,"endColumn":119}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":52,"startColumn":13,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":52,"startColumn":58,"endColumn":78}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":54,"startColumn":41,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":105,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":54,"startColumn":70,"endColumn":71}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":108,"startColumn":33,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":109,"startColumn":22,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":109,"startColumn":14,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":54,"startColumn":13,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lesson
s/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":55,"startColumn":13,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":58,"startColumn":17,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":58,"startColumn":54,"endColumn":72}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":61,"startColumn":33,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":72,"startColumn":38,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":72,"startColumn":23,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":72,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":73,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":74,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":75,"startColumn":16,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":61,"startColumn":6
4,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":61,"startColumn":75,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":72,"startColumn":50,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":27,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":18,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":74,"startColumn":20,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":61,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":144,"endColumn":150}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":83,"startColumn":50,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":84,"startColumn":45,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":84,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org
/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":135,"endColumn":136}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":108,"startColumn":74,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":52,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":51,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":14,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":20,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":62,"startColumn":31,"endColumn":32}}}]},{"ruleId":"8481125285487743346 (sast)","level":"error","message":{"text":"Reflected XSS All 
Clients"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":45,"startColumn":99,"endColumn":119}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":52,"startColumn":13,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":52,"startColumn":58,"endColumn":78}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":54,"startColumn":41,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":105,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":54,"startColumn":70,"endColumn":71}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":108,"startColumn":33,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":109,"startColumn":22,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":109,"startColumn":14,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":54,"startColumn":13,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lesson
s/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":55,"startColumn":13,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":58,"startColumn":17,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":58,"startColumn":54,"endColumn":72}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":65,"startColumn":17,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":65,"startColumn":53,"endColumn":71}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":68,"startColumn":33,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":72,"startColumn":38,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":72,"startColumn":23,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":72,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":73,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":74,"sta
rtColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":75,"startColumn":16,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":68,"startColumn":64,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":68,"startColumn":75,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":72,"startColumn":50,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":27,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":18,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":74,"startColumn":20,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":68,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":144,"endColumn":150}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":83,"startColumn":50,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-contain
er/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":84,"startColumn":45,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":84,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":135,"endColumn":136}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":108,"startColumn":74,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":52,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":51,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":14,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":20,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":69,"startColumn":31,"endColumn":32}}}]},{"ruleId":"8481125285487743346 (sast)","level":"error","message":{"text":"Reflected XSS All 
Clients"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":45,"startColumn":99,"endColumn":119}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":52,"startColumn":13,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":52,"startColumn":58,"endColumn":78}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":54,"startColumn":41,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":105,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":54,"startColumn":70,"endColumn":71}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":108,"startColumn":33,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":109,"startColumn":22,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":109,"startColumn":14,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":54,"startColumn":13,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lesson
s/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":55,"startColumn":13,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":58,"startColumn":17,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":58,"startColumn":54,"endColumn":72}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":65,"startColumn":17,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":65,"startColumn":53,"endColumn":71}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":72,"startColumn":17,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":72,"startColumn":55,"endColumn":73}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":75,"startColumn":33,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":72,"startColumn":38,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":72,"startColumn":23,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region
":{"startLine":72,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":73,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":74,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":75,"startColumn":16,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":75,"startColumn":64,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":75,"startColumn":75,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":72,"startColumn":50,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":27,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":18,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":74,"startColumn":20,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":75,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"we
bgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":144,"endColumn":150}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":83,"startColumn":50,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":84,"startColumn":45,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":84,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":135,"endColumn":136}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":108,"startColumn":74,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":52,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":51,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":14,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":20,"endColumn":23}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":
76,"startColumn":31,"endColumn":32}}}]},{"ruleId":"8481125285487743346 (sast)","level":"error","message":{"text":"Reflected XSS All Clients"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":45,"startColumn":99,"endColumn":119}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":52,"startColumn":13,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":52,"startColumn":58,"endColumn":78}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":54,"startColumn":41,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":105,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":54,"startColumn":70,"endColumn":71}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":108,"startColumn":33,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":109,"startColumn":22,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":109,"startColumn":14,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfii
le.java"},"region":{"startLine":54,"startColumn":13,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":55,"startColumn":13,"endColumn":31}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":58,"startColumn":17,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":58,"startColumn":54,"endColumn":72}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":65,"startColumn":17,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":65,"startColumn":53,"endColumn":71}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":72,"startColumn":17,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":72,"startColumn":55,"endColumn":73}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":82,"startColumn":29,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":72,"startColumn":38,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":72,"startColumn":23,"endColumn":24}}},
{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":72,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":73,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":74,"startColumn":9,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/UserProfile.java"},"region":{"startLine":75,"startColumn":16,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":82,"startColumn":60,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":82,"startColumn":71,"endColumn":72}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":72,"startColumn":50,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":27,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":73,"startColumn":18,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":74,"startColumn":20,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREdi
tOtherProfiile.java"},"region":{"startLine":82,"startColumn":28,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":144,"endColumn":150}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":83,"startColumn":50,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":84,"startColumn":45,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/i18n/PluginMessages.java"},"region":{"startLine":84,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":135,"endColumn":136}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":108,"startColumn":74,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":52,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":51,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":111,"startColumn":14,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/assignments/AttackResult.java"},"region":{"startLine":88,"startColumn":20,"endColumn":23}}},{"physicalLocation":{"art
ifactLocation":{"uri":"webgoat-lessons/idor/src/main/java/org/owasp/webgoat/idor/IDOREditOtherProfiile.java"},"region":{"startLine":83,"startColumn":27,"endColumn":28}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":51,"startColumn":56,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":52,"startColumn":45,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":55,"startColumn":71,"endColumn":82}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":56,"startColumn":93,"endColumn":104}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":56,"startColumn":16,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":58,"startColumn":67,"endColumn":78}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":58,"startColumn":66,"endColumn":67}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectio
nLesson5b.java"},"region":{"startLine":58,"startColumn":31,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":68,"startColumn":13,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":71,"startColumn":37,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":71,"startColumn":55,"endColumn":56}}}]},{"ruleId":"8558184832467657344 (sast)","level":"error","message":{"text":"Second Order SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":13,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":46,"startColumn":34,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":50,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":62,"startColumn":21,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":74,"endColumn":75}}},{"physicalLocation":{"artifactLo
cation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":77,"endColumn":78}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":42,"startColumn":49,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":39,"startColumn":32,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":63,"endColumn":71}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":36,"startColumn":31,"endColumn":39}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":37,"startColumn":25,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":37,"startColumn":14,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":47,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":46,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":13,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/o
wasp/webgoat/users/UserService.java"},"region":{"startLine":46,"startColumn":34,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":50,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":62,"startColumn":21,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":74,"endColumn":75}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":29,"endColumn":30}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":54,"startColumn":56,"endColumn":60}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":55,"startColumn":47,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":58,"startColumn":66,"endColumn":70}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":60,"startColumn":72,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":60,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":65,"startColumn":33,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":128,"startColumn":58,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":129,"startColumn":18,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startL
ine":129,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":129,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":134,"startColumn":95,"endColumn":101}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":134,"startColumn":16,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":138,"startColumn":37,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":138,"startColumn":36,"endColumn":37}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":54,"startColumn":56,"endColumn":60}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":55,"startColumn":47,"endColumn":51}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":58,"startColumn":66,"endColumn":70}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":60,"startColumn":72,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":60,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":66,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":66,"startColumn":59,"endColumn":60}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java"},"region":{"startLine":65,"startColumn":42,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java"},"region":{"startLine":66,"startColumn":32,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java"},"region":{"startLine":69,"startColumn":51,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java"},"region":{"startLine":72,"startColumn":40,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5.java"},"region":{"startLine":72,"startColumn":39,"endColumn":40}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":55,"startColumn":56,"endColumn":60}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":56,"startColumn":41,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":59,"startColumn":60,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":61,"startColumn":72,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":61,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":65,"startColumn":53,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":128,"startColumn":58,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":129,"startColumn":18,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startL
ine":129,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":129,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":134,"startColumn":95,"endColumn":101}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":134,"startColumn":16,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":138,"startColumn":37,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":138,"startColumn":36,"endColumn":37}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":55,"startColumn":56,"endColumn":60}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":56,"startColumn":41,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":59,"startColumn":60,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":61,"startColumn":72,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":61,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":66,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":66,"startColumn":59,"endColumn":60}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":54,"startColumn":83,"endColumn":91}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":55,"startColumn":53,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":58,"startColumn":79,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":60,"startColumn":102,"endColumn":110}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":60,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":65,"startColumn":33,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":128,"startColumn":58,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":129,"startColumn":18,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"star
tLine":129,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":129,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":134,"startColumn":95,"endColumn":101}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":134,"startColumn":16,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":138,"startColumn":37,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":138,"startColumn":36,"endColumn":37}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":54,"startColumn":83,"endColumn":91}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":55,"startColumn":53,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":58,"startColumn":79,"endColumn":87}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":60,"startColumn":102,"endColumn":110}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":60,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":66,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":66,"startColumn":59,"endColumn":60}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":67,"startColumn":51,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":71,"startColumn":189,"endColumn":195}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":71,"startColumn":79,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":71,"startColumn":32,"endColumn":49}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":72,"startColumn":28,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":72,"startColumn":58,"endColumn":59}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":55,"startColumn":83,"endColumn":91}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":56,"startColumn":47,"endColumn":55}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":59,"startColumn":73,"endColumn":81}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":61,"startColumn":102,"endColumn":110}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":61,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":65,"startColumn":53,"endColumn":58}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":128,"startColumn":58,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":129,"startColumn":18,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"star
tLine":129,"startColumn":32,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":129,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":134,"startColumn":95,"endColumn":101}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":134,"startColumn":16,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":138,"startColumn":37,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":138,"startColumn":36,"endColumn":37}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":55,"startColumn":83,"endColumn":91}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":56,"startColumn":47,"endColumn":55}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":59,"startColumn":73,"endColumn":81}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":61,"startColumn":102,"endColumn":110}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":61,"startColumn":16,"endColumn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":66,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":66,"startColumn":59,"endColumn":60}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java"},"region":{"startLine":56,"startColumn":62,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java"},"region":{"startLine":63,"startColumn":101,"endColumn":113}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java"},"region":{"startLine":63,"startColumn":24,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java"},"region":{"startLine":65,"startColumn":62,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionChallenge.java"},"region":{"startLine":65,"startColumn":61,"endColumn":62}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java"},"region":{"startLine":55,"startColumn":56,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java"},"region":{"startLine":56,"startColumn":32,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java"},"region":{"startLine":59,"startColumn":51,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java"},"region":{"startLine":62,"startColumn":56,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java"},"region":{"startLine":62,"startColumn":55,"endColumn":56}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java"},"region":{"startLine":92,"startColumn":63,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java"},"region":{"startLine":92,"startColumn":38,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java"},"region":{"startLine":94,"startColumn":128,"endColumn":131}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/java/org/owasp/webgoat/jwt/JWTFinalEndpoint.java"},"region":{"startLine":94,"startColumn":85,"endColumn":86}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":52,"startColumn":56,"endColumn":69}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":53,"startColumn":44,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":56,"startColumn":63,"endColumn":69}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":58,"startColumn":74,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":58,"startColumn":16,"endColu
mn":21}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":63,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":63,"startColumn":59,"endColumn":60}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java"},"region":{"startLine":48,"startColumn":101,"endColumn":107}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java"},"region":{"startLine":49,"startColumn":18,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java"},"region":{"startLine":49,"startColumn":36,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java"},"region":{"startLine":49,"startColumn":46,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java"},"region":{"startLine":49,"startColumn":66,"endColumn":67}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java"},"region":{"startLine":49,"startColumn":9,"endColumn":15}}},{"physicalLocation":{"a
rtifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java"},"region":{"startLine":50,"startColumn":13,"endColumn":19}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/SqlOnlyInputValidationOnKeywords.java"},"region":{"startLine":53,"startColumn":62,"endColumn":68}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":56,"startColumn":48,"endColumn":59}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":60,"startColumn":69,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":60,"startColumn":13,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":67,"startColumn":60,"endColumn":65}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":67,"startColumn":59,"endColumn":60}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":52,"startColumn":52,"endColumn":66}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":60,"startColumn":129,"endColumn":143}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":60,"startColumn":70,"endColumn":71}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":60,"startColumn":31,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":61,"startColumn":35,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":61,"startColumn":57,"endColumn":58}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":52,"startColumn":89,"endColumn":103}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":60,"startColumn":169,"endColumn":183}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":60,"startColumn":70,"endColumn":71}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":60,"startColumn":31,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":61,"startColumn":35,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/challenge/src/main/java/org/owasp/webgoat/challenges/challenge5/Assignment5.java"},"region":{"startLine":61,"startColumn":57,"endColumn":58}}}]},{"ruleId":"13625251660291496964 (sast)","level":"error","message":{"text":"Stored 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":72,"startColumn":23,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":73,"startColumn":20,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":74,"startColumn":129,"endColumn":131}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":74,"startColumn":141,"endColumn":142}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":74,"startColumn":33,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":74,"startColumn":24,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":75,"startColumn":29,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":75,"startColumn":28,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":75,"startColumn":17,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/
java/org/owasp/webgoat/sql_injection/mitigation/Servers.java"},"region":{"startLine":78,"startColumn":16,"endColumn":23}}}]},{"ruleId":"13625251660291496964 (sast)","level":"error","message":{"text":"Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":56,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":59,"startColumn":43,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":60,"startColumn":28,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":62,"startColumn":46,"endColumn":53}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":62,"startColumn":63,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":62,"startColumn":36,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":62,"startColumn":25,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":63,"startColumn":25,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":64,"startCol
umn":25,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":65,"startColumn":25,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":66,"startColumn":25,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":67,"startColumn":25,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":68,"startColumn":60,"endColumn":67}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":68,"startColumn":40,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":68,"startColumn":25,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/missing_ac/Users.java"},"region":{"startLine":71,"startColumn":28,"endColumn":39}}}]},{"ruleId":"13625251660291496964 (sast)","level":"error","message":{"text":"Stored 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":62,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":64,"startColumn":43,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":65,"startColumn":57,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":68,"startColumn":46,"endColumn":53}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":88,"startColumn":47,"endColumn":54}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":90,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":94,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":101,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"start
Line":103,"startColumn":20,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":30,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":47,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":29,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":107,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":110,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":117,"startColumn":9,"endColumn":10}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":118,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectio
nLesson5a.java"},"region":{"startLine":118,"startColumn":27,"endColumn":28}}}]},{"ruleId":"13625251660291496964 (sast)","level":"error","message":{"text":"Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java"},"region":{"startLine":62,"startColumn":23,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java"},"region":{"startLine":65,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java"},"region":{"startLine":67,"startColumn":17,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson2.java"},"region":{"startLine":69,"startColumn":65,"endColumn":72}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":97,"startColumn":50,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":98,"startColumn":45,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":100,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":104,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"arti
factLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":111,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":112,"startColumn":20,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":43,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":60,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":33,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":21,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":117,"startColumn":17,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":124,"startColumn":9,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":125,"startColumn":17,"endColumn":22}}},{"
physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":125,"startColumn":31,"endColumn":32}}}]},{"ruleId":"13625251660291496964 (sast)","level":"error","message":{"text":"Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":63,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":65,"startColumn":21,"endColumn":28}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":66,"startColumn":21,"endColumn":28}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson10.java"},"region":{"startLine":67,"startColumn":69,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":97,"startColumn":50,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":98,"startColumn":45,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":100,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/
webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":104,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":111,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":112,"startColumn":20,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":43,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":60,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":33,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":21,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":117,"startColumn":17,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":124,"startColumn":9,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/
src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":125,"startColumn":17,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":125,"startColumn":31,"endColumn":32}}}]},{"ruleId":"13625251660291496964 (sast)","level":"error","message":{"text":"Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":66,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":68,"startColumn":21,"endColumn":28}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":69,"startColumn":25,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":70,"startColumn":53,"endColumn":60}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":97,"startColumn":50,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":98,"startColumn":45,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startL
ine":100,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":104,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":111,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":112,"startColumn":20,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":43,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":60,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":33,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":21,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":117,"startColumn":17,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.
java"},"region":{"startLine":124,"startColumn":9,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":125,"startColumn":17,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":125,"startColumn":31,"endColumn":32}}}]},{"ruleId":"13625251660291496964 (sast)","level":"error","message":{"text":"Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java"},"region":{"startLine":66,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java"},"region":{"startLine":69,"startColumn":17,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java"},"region":{"startLine":70,"startColumn":21,"endColumn":28}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson3.java"},"region":{"startLine":72,"startColumn":69,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":97,"startColumn":50,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":98,"startColumn":45,"endColumn":52}}},{"physicalLocation":{"artifactLocati
on":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":100,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":104,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":111,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":112,"startColumn":20,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":43,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":60,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":33,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":21,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":117,"startColumn":17,"endColumn":22}}},{"physicalLo
cation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":124,"startColumn":9,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":125,"startColumn":17,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":125,"startColumn":31,"endColumn":32}}}]},{"ruleId":"13625251660291496964 (sast)","level":"error","message":{"text":"Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":67,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":69,"startColumn":43,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":70,"startColumn":57,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/advanced/SqlInjectionLesson6a.java"},"region":{"startLine":73,"startColumn":67,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":88,"startColumn":47,"endColumn":54}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/in
troduction/SqlInjectionLesson5a.java"},"region":{"startLine":90,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":94,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":101,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":103,"startColumn":20,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":30,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":47,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":29,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":107,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org
/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":110,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":117,"startColumn":9,"endColumn":10}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":118,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":118,"startColumn":27,"endColumn":28}}}]},{"ruleId":"13625251660291496964 (sast)","level":"error","message":{"text":"Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":71,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":73,"startColumn":43,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":74,"startColumn":57,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5b.java"},"region":{"startLine":77,"startColumn":67,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":88
,"startColumn":47,"endColumn":54}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":90,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":94,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":101,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":103,"startColumn":20,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":30,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":47,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":29,"endColumn":30}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":106,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.j
ava"},"region":{"startLine":107,"startColumn":21,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":110,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":117,"startColumn":9,"endColumn":10}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":118,"startColumn":17,"endColumn":18}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson5a.java"},"region":{"startLine":118,"startColumn":27,"endColumn":28}}}]},{"ruleId":"13625251660291496964 (sast)","level":"error","message":{"text":"Stored 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":66,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":67,"startColumn":28,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":68,"startColumn":21,"endColumn":28}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":69,"startColumn":25,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":70,"startColumn":73,"endColumn":80}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":97,"startColumn":50,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":98,"startColumn":45,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":100,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":104
,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":111,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":112,"startColumn":20,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":43,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":60,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":33,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":21,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":117,"startColumn":17,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":124,"startColumn":9,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"
region":{"startLine":125,"startColumn":17,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":125,"startColumn":31,"endColumn":32}}}]},{"ruleId":"13625251660291496964 (sast)","level":"error","message":{"text":"Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":94,"startColumn":27,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":96,"startColumn":17,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":98,"startColumn":22,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":98,"startColumn":63,"endColumn":70}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson9.java"},"region":{"startLine":99,"startColumn":69,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":97,"startColumn":50,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":98,"startColumn":45,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"ur
i":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":100,"startColumn":9,"endColumn":16}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":104,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":111,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":112,"startColumn":20,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":43,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":60,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":33,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":115,"startColumn":21,"endColumn":26}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":117,"startColumn":17,"endColumn":22}}},{"physicalLocation":
{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":124,"startColumn":9,"endColumn":14}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":125,"startColumn":17,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson8.java"},"region":{"startLine":125,"startColumn":31,"endColumn":32}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java"},"region":{"startLine":56,"startColumn":56,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java"},"region":{"startLine":57,"startColumn":32,"endColumn":37}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java"},"region":{"startLine":60,"startColumn":51,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java"},"region":{"startLine":63,"startColumn":41,"endColumn":46}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/sql-injection/src/main/java/org/owasp/webgoat/sql_injection/introduction/SqlInjectionLesson4.java"},"region":{"startLine":63,"startColumn":40,"endColumn":41}}}]},{"ruleId":"14517067005933136034 (sast)","level":"error","message":{"text":"SQL 
Injection"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":36,"startColumn":76,"endColumn":84}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":42,"startColumn":53,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/RegistrationController.java"},"region":{"startLine":42,"startColumn":73,"endColumn":74}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":39,"startColumn":49,"endColumn":57}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":73,"endColumn":81}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":36,"startColumn":48,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":38,"startColumn":25,"endColumn":33}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":38,"startColumn":14,"endColumn":22}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":47,"endColumn":50}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":42,"startColumn":46,"endColumn":47}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserServ
ice.java"},"region":{"startLine":42,"startColumn":13,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":46,"startColumn":34,"endColumn":45}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":50,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":51,"endColumn":62}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java"},"region":{"startLine":62,"startColumn":21,"endColumn":29}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":74,"endColumn":75}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java"},"region":{"startLine":51,"startColumn":29,"endColumn":30}}}]},{"ruleId":"9920599561530748290 (sast)","level":"error","message":{"text":"Deserialization of Untrusted 
Data"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java"},"region":{"startLine":46,"startColumn":56,"endColumn":61}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java"},"region":{"startLine":52,"startColumn":20,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java"},"region":{"startLine":52,"startColumn":33,"endColumn":34}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java"},"region":{"startLine":52,"startColumn":51,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java"},"region":{"startLine":52,"startColumn":9,"endColumn":17}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java"},"region":{"startLine":54,"startColumn":112,"endColumn":120}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java"},"region":{"startLine":54,"startColumn":111,"endColumn":112}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java"},"region":{"startLine":54,"startColumn":60,"endColumn":63}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/
deserialization/InsecureDeserializationTask.java"},"region":{"startLine":54,"startColumn":38,"endColumn":41}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java"},"region":{"startLine":54,"startColumn":32,"endColumn":35}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java"},"region":{"startLine":56,"startColumn":24,"endColumn":27}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/insecure-deserialization/src/main/java/org/owasp/webgoat/deserialization/InsecureDeserializationTask.java"},"region":{"startLine":56,"startColumn":38,"endColumn":39}}}]},{"ruleId":"1779421333800271656 (sast)","level":"error","message":{"text":"Client DOM Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":35,"startColumn":58,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":39,"startColumn":54,"endColumn":60}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":39,"startColumn":64,"endColumn":68}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":39,"startColumn":35,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":39,"startColumn":17,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":40,"startColumn":35,
"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/cross-site-scripting/src/main/resources/js/stored-xss.js"},"region":{"startLine":40,"startColumn":28,"endColumn":34}}}]},{"ruleId":"9920599561530748290 (sast)","level":"error","message":{"text":"Deserialization of Untrusted Data"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java"},"region":{"startLine":41,"startColumn":49,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java"},"region":{"startLine":52,"startColumn":49,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/vulnerable-components/src/main/java/org/owasp/webgoat/vulnerable_components/VulnerableComponentsLesson.java"},"region":{"startLine":52,"startColumn":48,"endColumn":49}}}]},{"ruleId":"10016977899842968824 (sast)","level":"error","message":{"text":"Client DOM XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1188,"startColumn":36,"endColumn":44}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-container/src/main/resources/static/js/libs/backbone-min.js"},"region":{"startLine":1188,"startColumn":18,"endColumn":26}}}]},{"ruleId":"1779421333800271656 (sast)","level":"error","message":{"text":"Client DOM Stored 
XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":43,"startColumn":36,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":56,"startColumn":60,"endColumn":66}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":56,"startColumn":70,"endColumn":77}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":56,"startColumn":41,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":56,"startColumn":13,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":59,"startColumn":28,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":59,"startColumn":41,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":59,"startColumn":13,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":61,"startColumn":28,"endColumn":40}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":61,"startColumn":41,"endColumn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":61,"startColumn":13,"endColumn":25}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":63,"startColumn":36,"endCol
umn":48}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/jwt/src/main/resources/js/jwt-voting.js"},"region":{"startLine":63,"startColumn":29,"endColumn":35}}}]},{"ruleId":"1779421333800271656 (sast)","level":"error","message":{"text":"Client DOM Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js"},"region":{"startLine":17,"startColumn":70,"endColumn":76}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js"},"region":{"startLine":32,"startColumn":36,"endColumn":42}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js"},"region":{"startLine":32,"startColumn":46,"endColumn":52}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js"},"region":{"startLine":32,"startColumn":13,"endColumn":17}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js"},"region":{"startLine":33,"startColumn":20,"endColumn":24}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js"},"region":{"startLine":33,"startColumn":13,"endColumn":17}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js"},"region":{"startLine":35,"startColumn":16,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js"},"region":{"startLine":35,"startColumn":9,"endColumn":13}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js"},"region":{"startLine":38,"startCol
umn":28,"endColumn":32}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/client-side-filtering/src/main/resources/js/clientSideFiltering.js"},"region":{"startLine":38,"startColumn":16,"endColumn":25}}}]},{"ruleId":"1779421333800271656 (sast)","level":"error","message":{"text":"Client DOM Stored XSS"},"locations":[{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":72,"startColumn":37,"endColumn":43}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":77,"startColumn":50,"endColumn":56}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":77,"startColumn":60,"endColumn":64}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":77,"startColumn":31,"endColumn":38}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":77,"startColumn":13,"endColumn":20}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":78,"startColumn":29,"endColumn":36}}},{"physicalLocation":{"artifactLocation":{"uri":"webgoat-lessons/xxe/src/main/resources/js/xxe.js"},"region":{"startLine":78,"startColumn":22,"endColumn":28}}}]}]}]}