-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathfixed-sample-scan.json
More file actions
executable file
·187 lines (187 loc) · 22.3 KB
/
fixed-sample-scan.json
File metadata and controls
executable file
·187 lines (187 loc) · 22.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
{
"engineVersion" : "1.0-SNAPSHOT",
"scanDate" : "2017-04-18T23:31:42.136Z",
"buildServer" : "server01",
"findings" : [ {
"uniqueId" : "fda2eaa2-7643-4fc5-809e-3eb6957e1945",
"category" : "Cross-site Scripting",
"fileName" : "file-fda2eaa2-7643-4fc5-809e-3eb6957e1945/00000001.bin",
"vulnerabilityAbstract" : "Cross-site Scripting found in file-fda2eaa2-7643-4fc5-809e-3eb6957e1945/00000001.bin",
"lineNumber" : 103,
"confidence" : 4.968653,
"impact" : 200.69,
"priority" : "Critical",
"categoryId" : "a101",
"customStatus" : "OPEN",
"artifact" : "artifact-fda2eaa2-7643-4fc5-809e-3eb6957e1945/00000001.jar",
"description" : "Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.",
"comment" : "This should be fixed",
"buildNumber" : "300.3837014436722",
"lastChangeDate" : "2017-04-16T21:31:42.092Z",
"artifactBuildDate" : "2017-04-17T22:31:42.092Z",
"textBase64" : "RXhhbXBsZSBvZiBhIHRleHQgZW5jb2RlZCBpbiB0aGUgb3JpZ2luYWwgc2NhbiB0byBCYXNlNjQuIApGcm9tIFdpa2lwZWRpYTogCgpDb21wdXRlciBzZWN1cml0eSwgYWxzbyBrbm93biBhcyBjeWJlciBzZWN1cml0eSBvciBJVCBzZWN1cml0eSwgaXMgdGhlIHByb3RlY3Rpb24gb2YgY29tcHV0ZXIgc3lzdGVtcyBmcm9tIHRoZSB0aGVmdCBvciBkYW1hZ2UgdG8gdGhlaXIgaGFyZHdhcmUsIHNvZnR3YXJlIG9yIGluZm9ybWF0aW9uLCBhcyB3ZWxsIGFzIGZyb20gZGlzcnVwdGlvbiBvciBtaXNkaXJlY3Rpb24gb2YgdGhlIHNlcnZpY2VzIHRoZXkgcHJvdmlkZS4gCgpDeWJlciBzZWN1cml0eSBpbmNsdWRlcyBjb250cm9sbGluZyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGhhcmR3YXJlLCBhcyB3ZWxsIGFzIHByb3RlY3RpbmcgYWdhaW5zdCBoYXJtIHRoYXQgbWF5IGNvbWUgdmlhIG5ldHdvcmsgYWNjZXNzLCBkYXRhIGFuZCBjb2RlIGluamVjdGlvbi4gQWxzbywgZHVlIHRvIG1hbHByYWN0aWNlIGJ5IG9wZXJhdG9ycywgd2hldGhlciBpbnRlbnRpb25hbCwgYWNjaWRlbnRhbCwgSVQgc2VjdXJpdHkgaXMgc3VzY2VwdGlibGUgdG8gYmVpbmcgdHJpY2tlZCBpbnRvIGRldmlhdGluZyBmcm9tIHNlY3VyZSBwcm9jZWR1cmVzIHRocm91Z2ggdmFyaW91cyBtZXRob2RzLgo="
}, {
"uniqueId" : "fda2eaa2-7643-4fc5-809e-3eb6957e1999",
"category" : "Cross-site Scripting",
"fileName" : "file-fda2eaa2-7643-4fc5-809e-3eb6957e1999/00000021.bin",
"vulnerabilityAbstract" : "Cross-site Scripting found in file-fda2eaa2-7643-4fc5-809e-3eb6957e1999/00000021.bin",
"lineNumber" : 146,
"confidence" : 4.968653,
"impact" : 200.69,
"priority" : "Critical",
"categoryId" : "a101",
"customStatus" : "OPEN",
"artifact" : "artifact-fda2eaa2-7643-4fc5-809e-3eb6957e1999/00000001.jar",
"description" : "Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.",
"comment" : "This should be fixed",
"buildNumber" : "300.3837014436722",
"lastChangeDate" : "2017-04-16T21:31:42.092Z",
"artifactBuildDate" : "2017-04-17T22:31:42.092Z",
"textBase64" : "RXhhbXBsZSBvZiBhIHRleHQgZW5jb2RlZCBpbiB0aGUgb3JpZ2luYWwgc2NhbiB0byBCYXNlNjQuIApGcm9tIFdpa2lwZWRpYTogCgpDb21wdXRlciBzZWN1cml0eSwgYWxzbyBrbm93biBhcyBjeWJlciBzZWN1cml0eSBvciBJVCBzZWN1cml0eSwgaXMgdGhlIHByb3RlY3Rpb24gb2YgY29tcHV0ZXIgc3lzdGVtcyBmcm9tIHRoZSB0aGVmdCBvciBkYW1hZ2UgdG8gdGhlaXIgaGFyZHdhcmUsIHNvZnR3YXJlIG9yIGluZm9ybWF0aW9uLCBhcyB3ZWxsIGFzIGZyb20gZGlzcnVwdGlvbiBvciBtaXNkaXJlY3Rpb24gb2YgdGhlIHNlcnZpY2VzIHRoZXkgcHJvdmlkZS4gCgpDeWJlciBzZWN1cml0eSBpbmNsdWRlcyBjb250cm9sbGluZyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGhhcmR3YXJlLCBhcyB3ZWxsIGFzIHByb3RlY3RpbmcgYWdhaW5zdCBoYXJtIHRoYXQgbWF5IGNvbWUgdmlhIG5ldHdvcmsgYWNjZXNzLCBkYXRhIGFuZCBjb2RlIGluamVjdGlvbi4gQWxzbywgZHVlIHRvIG1hbHByYWN0aWNlIGJ5IG9wZXJhdG9ycywgd2hldGhlciBpbnRlbnRpb25hbCwgYWNjaWRlbnRhbCwgSVQgc2VjdXJpdHkgaXMgc3VzY2VwdGlibGUgdG8gYmVpbmcgdHJpY2tlZCBpbnRvIGRldmlhdGluZyBmcm9tIHNlY3VyZSBwcm9jZWR1cmVzIHRocm91Z2ggdmFyaW91cyBtZXRob2RzLgo="
}, {
"uniqueId" : "fda2eaa2-7643-4fc5-809e-3eb6957e1946",
"category" : "Cross-site Scripting",
"fileName" : "file-fda2eaa2-7643-4fc5-809e-3eb6957e1946/00000011.bin",
"vulnerabilityAbstract" : "Cross-site Scripting found in file-fda2eaa2-7643-4fc5-809e-3eb6957e1946/00000011.bin",
"lineNumber" : 489,
"confidence" : 4.968653,
"impact" : 200.69,
"priority" : "Critical",
"categoryId" : "a101",
"customStatus" : "REMEDIATED",
"artifact" : "artifact-fda2eaa2-7643-4fc5-809e-3eb6957e1946/00000001.jar",
"description" : "Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.",
"comment" : "fixed in build 303.0001",
"buildNumber" : "300.3837014436722",
"lastChangeDate" : "2017-04-16T21:31:42.092Z",
"artifactBuildDate" : "2017-04-17T22:31:42.092Z",
"textBase64" : "RXhhbXBsZSBvZiBhIHRleHQgZW5jb2RlZCBpbiB0aGUgb3JpZ2luYWwgc2NhbiB0byBCYXNlNjQuIApGcm9tIFdpa2lwZWRpYTogCgpDb21wdXRlciBzZWN1cml0eSwgYWxzbyBrbm93biBhcyBjeWJlciBzZWN1cml0eSBvciBJVCBzZWN1cml0eSwgaXMgdGhlIHByb3RlY3Rpb24gb2YgY29tcHV0ZXIgc3lzdGVtcyBmcm9tIHRoZSB0aGVmdCBvciBkYW1hZ2UgdG8gdGhlaXIgaGFyZHdhcmUsIHNvZnR3YXJlIG9yIGluZm9ybWF0aW9uLCBhcyB3ZWxsIGFzIGZyb20gZGlzcnVwdGlvbiBvciBtaXNkaXJlY3Rpb24gb2YgdGhlIHNlcnZpY2VzIHRoZXkgcHJvdmlkZS4gCgpDeWJlciBzZWN1cml0eSBpbmNsdWRlcyBjb250cm9sbGluZyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGhhcmR3YXJlLCBhcyB3ZWxsIGFzIHByb3RlY3RpbmcgYWdhaW5zdCBoYXJtIHRoYXQgbWF5IGNvbWUgdmlhIG5ldHdvcmsgYWNjZXNzLCBkYXRhIGFuZCBjb2RlIGluamVjdGlvbi4gQWxzbywgZHVlIHRvIG1hbHByYWN0aWNlIGJ5IG9wZXJhdG9ycywgd2hldGhlciBpbnRlbnRpb25hbCwgYWNjaWRlbnRhbCwgSVQgc2VjdXJpdHkgaXMgc3VzY2VwdGlibGUgdG8gYmVpbmcgdHJpY2tlZCBpbnRvIGRldmlhdGluZyBmcm9tIHNlY3VyZSBwcm9jZWR1cmVzIHRocm91Z2ggdmFyaW91cyBtZXRob2RzLgo="
}, {
"uniqueId" : "c834c327-4cee-4420-b1f8-b24bea95fee3",
"category" : "SQL Injection",
"fileName" : "file-c834c327-4cee-4420-b1f8-b24bea95fee3/00000002.bin",
"vulnerabilityAbstract" : "SQL Injection found in file-c834c327-4cee-4420-b1f8-b24bea95fee3/00000002.bin",
"lineNumber" : 8409,
"confidence" : 2.941967,
"impact" : 200.696,
"priority" : "High",
"categoryId" : "c121",
"customStatus" : "REMEDIATED",
"artifact" : "artifact-c834c327-4cee-4420-b1f8-b24bea95fee3/00000002.jar",
"description" : "SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.",
"comment" : "fixed in build 300.845200451",
"buildNumber" : "300.314668238163",
"lastChangeDate" : "2017-04-16T21:31:42.092Z",
"artifactBuildDate" : "2017-04-17T22:31:42.092Z",
"textBase64" : "RXhhbXBsZSBvZiBhIHRleHQgZW5jb2RlZCBpbiB0aGUgb3JpZ2luYWwgc2NhbiB0byBCYXNlNjQuIApGcm9tIFdpa2lwZWRpYTogCgpDb21wdXRlciBzZWN1cml0eSwgYWxzbyBrbm93biBhcyBjeWJlciBzZWN1cml0eSBvciBJVCBzZWN1cml0eSwgaXMgdGhlIHByb3RlY3Rpb24gb2YgY29tcHV0ZXIgc3lzdGVtcyBmcm9tIHRoZSB0aGVmdCBvciBkYW1hZ2UgdG8gdGhlaXIgaGFyZHdhcmUsIHNvZnR3YXJlIG9yIGluZm9ybWF0aW9uLCBhcyB3ZWxsIGFzIGZyb20gZGlzcnVwdGlvbiBvciBtaXNkaXJlY3Rpb24gb2YgdGhlIHNlcnZpY2VzIHRoZXkgcHJvdmlkZS4gCgpDeWJlciBzZWN1cml0eSBpbmNsdWRlcyBjb250cm9sbGluZyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGhhcmR3YXJlLCBhcyB3ZWxsIGFzIHByb3RlY3RpbmcgYWdhaW5zdCBoYXJtIHRoYXQgbWF5IGNvbWUgdmlhIG5ldHdvcmsgYWNjZXNzLCBkYXRhIGFuZCBjb2RlIGluamVjdGlvbi4gQWxzbywgZHVlIHRvIG1hbHByYWN0aWNlIGJ5IG9wZXJhdG9ycywgd2hldGhlciBpbnRlbnRpb25hbCwgYWNjaWRlbnRhbCwgSVQgc2VjdXJpdHkgaXMgc3VzY2VwdGlibGUgdG8gYmVpbmcgdHJpY2tlZCBpbnRvIGRldmlhdGluZyBmcm9tIHNlY3VyZSBwcm9jZWR1cmVzIHRocm91Z2ggdmFyaW91cyBtZXRob2RzLgo="
}, {
"uniqueId" : "c834c327-4cee-4420-b1f8-b24bea95fe11",
"category" : "SQL Injection",
"fileName" : "file-c834c327-4cee-4420-b1f8-b24bea95fe11/00000002.bin",
"vulnerabilityAbstract" : "SQL Injection found in file-c834c327-4cee-4420-b1f8-b24bea95fe11/00000002.bin",
"lineNumber" : 1001,
"confidence" : 2.941967,
"impact" : 200.696,
"priority" : "High",
"categoryId" : "c121",
"customStatus" : "REMEDIATED",
"artifact" : "artifact-c834c327-4cee-4420-b1f8-b24bea95fee3/00000002.jar",
"description" : "SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.",
"comment" : "fixed in build 300.845200451",
"buildNumber" : "300.314668238163",
"lastChangeDate" : "2017-04-16T21:31:42.092Z",
"artifactBuildDate" : "2017-04-17T22:31:42.092Z",
"textBase64" : "RXhhbXBsZSBvZiBhIHRleHQgZW5jb2RlZCBpbiB0aGUgb3JpZ2luYWwgc2NhbiB0byBCYXNlNjQuIApGcm9tIFdpa2lwZWRpYTogCgpDb21wdXRlciBzZWN1cml0eSwgYWxzbyBrbm93biBhcyBjeWJlciBzZWN1cml0eSBvciBJVCBzZWN1cml0eSwgaXMgdGhlIHByb3RlY3Rpb24gb2YgY29tcHV0ZXIgc3lzdGVtcyBmcm9tIHRoZSB0aGVmdCBvciBkYW1hZ2UgdG8gdGhlaXIgaGFyZHdhcmUsIHNvZnR3YXJlIG9yIGluZm9ybWF0aW9uLCBhcyB3ZWxsIGFzIGZyb20gZGlzcnVwdGlvbiBvciBtaXNkaXJlY3Rpb24gb2YgdGhlIHNlcnZpY2VzIHRoZXkgcHJvdmlkZS4gCgpDeWJlciBzZWN1cml0eSBpbmNsdWRlcyBjb250cm9sbGluZyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGhhcmR3YXJlLCBhcyB3ZWxsIGFzIHByb3RlY3RpbmcgYWdhaW5zdCBoYXJtIHRoYXQgbWF5IGNvbWUgdmlhIG5ldHdvcmsgYWNjZXNzLCBkYXRhIGFuZCBjb2RlIGluamVjdGlvbi4gQWxzbywgZHVlIHRvIG1hbHByYWN0aWNlIGJ5IG9wZXJhdG9ycywgd2hldGhlciBpbnRlbnRpb25hbCwgYWNjaWRlbnRhbCwgSVQgc2VjdXJpdHkgaXMgc3VzY2VwdGlibGUgdG8gYmVpbmcgdHJpY2tlZCBpbnRvIGRldmlhdGluZyBmcm9tIHNlY3VyZSBwcm9jZWR1cmVzIHRocm91Z2ggdmFyaW91cyBtZXRob2RzLgo="
}, {
"uniqueId" : "c834c327-4cee-4420-b1f8-b24bea95fe12",
"category" : "SQL Injection",
"fileName" : "file-c834c327-4cee-4420-b1f8-b24bea95fe12/00000003.bin",
"vulnerabilityAbstract" : "SQL Injection found in file-c834c327-4cee-4420-b1f8-b24bea95fe12/00000003.bin",
"lineNumber" : 423,
"confidence" : 2.941967,
"impact" : 200.696,
"priority" : "High",
"categoryId" : "c121",
"customStatus" : "OPEN",
"artifact" : "artifact-c834c327-4cee-4420-b1f8-b24bea95fee3/00000002.jar",
"description" : "SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.",
"comment" : "",
"buildNumber" : "300.314668238163",
"lastChangeDate" : "2017-04-16T21:31:42.092Z",
"artifactBuildDate" : "2017-04-17T22:31:42.092Z",
"textBase64" : "RXhhbXBsZSBvZiBhIHRleHQgZW5jb2RlZCBpbiB0aGUgb3JpZ2luYWwgc2NhbiB0byBCYXNlNjQuIApGcm9tIFdpa2lwZWRpYTogCgpDb21wdXRlciBzZWN1cml0eSwgYWxzbyBrbm93biBhcyBjeWJlciBzZWN1cml0eSBvciBJVCBzZWN1cml0eSwgaXMgdGhlIHByb3RlY3Rpb24gb2YgY29tcHV0ZXIgc3lzdGVtcyBmcm9tIHRoZSB0aGVmdCBvciBkYW1hZ2UgdG8gdGhlaXIgaGFyZHdhcmUsIHNvZnR3YXJlIG9yIGluZm9ybWF0aW9uLCBhcyB3ZWxsIGFzIGZyb20gZGlzcnVwdGlvbiBvciBtaXNkaXJlY3Rpb24gb2YgdGhlIHNlcnZpY2VzIHRoZXkgcHJvdmlkZS4gCgpDeWJlciBzZWN1cml0eSBpbmNsdWRlcyBjb250cm9sbGluZyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGhhcmR3YXJlLCBhcyB3ZWxsIGFzIHByb3RlY3RpbmcgYWdhaW5zdCBoYXJtIHRoYXQgbWF5IGNvbWUgdmlhIG5ldHdvcmsgYWNjZXNzLCBkYXRhIGFuZCBjb2RlIGluamVjdGlvbi4gQWxzbywgZHVlIHRvIG1hbHByYWN0aWNlIGJ5IG9wZXJhdG9ycywgd2hldGhlciBpbnRlbnRpb25hbCwgYWNjaWRlbnRhbCwgSVQgc2VjdXJpdHkgaXMgc3VzY2VwdGlibGUgdG8gYmVpbmcgdHJpY2tlZCBpbnRvIGRldmlhdGluZyBmcm9tIHNlY3VyZSBwcm9jZWR1cmVzIHRocm91Z2ggdmFyaW91cyBtZXRob2RzLgo="
}, {
"uniqueId" : "c834c327-4cee-4420-b1f8-b24bea95ffx5",
"category" : "SQL Injection",
"fileName" : "file-c834c327-4cee-4420-b1f8-b24bea95ffx5/00000042.bin",
"vulnerabilityAbstract" : "SQL Injection found in file-c834c327-4cee-4420-b1f8-b24bea95ffx5/00000042.bin",
"lineNumber" : 8409,
"confidence" : 2.941967,
"impact" : 200.696,
"priority" : "High",
"categoryId" : "c121",
"customStatus" : "REMEDIATED",
"artifact" : "artifact-c834c327-4cee-4420-b1f8-b24bea95fee3/00000002.jar",
"description" : "SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.",
"comment" : "fixed in build 300.845200451",
"buildNumber" : "300.314668238163",
"lastChangeDate" : "2017-04-16T21:31:42.092Z",
"artifactBuildDate" : "2017-04-17T22:31:42.092Z",
"textBase64" : "RXhhbXBsZSBvZiBhIHRleHQgZW5jb2RlZCBpbiB0aGUgb3JpZ2luYWwgc2NhbiB0byBCYXNlNjQuIApGcm9tIFdpa2lwZWRpYTogCgpDb21wdXRlciBzZWN1cml0eSwgYWxzbyBrbm93biBhcyBjeWJlciBzZWN1cml0eSBvciBJVCBzZWN1cml0eSwgaXMgdGhlIHByb3RlY3Rpb24gb2YgY29tcHV0ZXIgc3lzdGVtcyBmcm9tIHRoZSB0aGVmdCBvciBkYW1hZ2UgdG8gdGhlaXIgaGFyZHdhcmUsIHNvZnR3YXJlIG9yIGluZm9ybWF0aW9uLCBhcyB3ZWxsIGFzIGZyb20gZGlzcnVwdGlvbiBvciBtaXNkaXJlY3Rpb24gb2YgdGhlIHNlcnZpY2VzIHRoZXkgcHJvdmlkZS4gCgpDeWJlciBzZWN1cml0eSBpbmNsdWRlcyBjb250cm9sbGluZyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGhhcmR3YXJlLCBhcyB3ZWxsIGFzIHByb3RlY3RpbmcgYWdhaW5zdCBoYXJtIHRoYXQgbWF5IGNvbWUgdmlhIG5ldHdvcmsgYWNjZXNzLCBkYXRhIGFuZCBjb2RlIGluamVjdGlvbi4gQWxzbywgZHVlIHRvIG1hbHByYWN0aWNlIGJ5IG9wZXJhdG9ycywgd2hldGhlciBpbnRlbnRpb25hbCwgYWNjaWRlbnRhbCwgSVQgc2VjdXJpdHkgaXMgc3VzY2VwdGlibGUgdG8gYmVpbmcgdHJpY2tlZCBpbnRvIGRldmlhdGluZyBmcm9tIHNlY3VyZSBwcm9jZWR1cmVzIHRocm91Z2ggdmFyaW91cyBtZXRob2RzLgo="
}, {
"uniqueId" : "c834c327-4cee-4420-b1f8-b24bea95fe88",
"category" : "SQL Injection",
"fileName" : "file-c834c327-4cee-4420-b1f8-b24bea95fe88/00000008.bin",
"vulnerabilityAbstract" : "SQL Injection found in file-c834c327-4cee-4420-b1f8-b24bea95fe88/00000008.bin",
"lineNumber" : 409,
"confidence" : 2.941967,
"impact" : 200.696,
"priority" : "High",
"categoryId" : "c121",
"customStatus" : "NEW",
"artifact" : "artifact-c834c327-4cee-4420-b1f8-b24bea95feag/00000012.jar",
"description" : "SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.",
"comment" : "",
"buildNumber" : "300.314668238163",
"lastChangeDate" : "2017-04-16T21:31:42.092Z",
"artifactBuildDate" : "2017-04-17T22:31:42.092Z",
"textBase64" : "RXhhbXBsZSBvZiBhIHRleHQgZW5jb2RlZCBpbiB0aGUgb3JpZ2luYWwgc2NhbiB0byBCYXNlNjQuIApGcm9tIFdpa2lwZWRpYTogCgpDb21wdXRlciBzZWN1cml0eSwgYWxzbyBrbm93biBhcyBjeWJlciBzZWN1cml0eSBvciBJVCBzZWN1cml0eSwgaXMgdGhlIHByb3RlY3Rpb24gb2YgY29tcHV0ZXIgc3lzdGVtcyBmcm9tIHRoZSB0aGVmdCBvciBkYW1hZ2UgdG8gdGhlaXIgaGFyZHdhcmUsIHNvZnR3YXJlIG9yIGluZm9ybWF0aW9uLCBhcyB3ZWxsIGFzIGZyb20gZGlzcnVwdGlvbiBvciBtaXNkaXJlY3Rpb24gb2YgdGhlIHNlcnZpY2VzIHRoZXkgcHJvdmlkZS4gCgpDeWJlciBzZWN1cml0eSBpbmNsdWRlcyBjb250cm9sbGluZyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGhhcmR3YXJlLCBhcyB3ZWxsIGFzIHByb3RlY3RpbmcgYWdhaW5zdCBoYXJtIHRoYXQgbWF5IGNvbWUgdmlhIG5ldHdvcmsgYWNjZXNzLCBkYXRhIGFuZCBjb2RlIGluamVjdGlvbi4gQWxzbywgZHVlIHRvIG1hbHByYWN0aWNlIGJ5IG9wZXJhdG9ycywgd2hldGhlciBpbnRlbnRpb25hbCwgYWNjaWRlbnRhbCwgSVQgc2VjdXJpdHkgaXMgc3VzY2VwdGlibGUgdG8gYmVpbmcgdHJpY2tlZCBpbnRvIGRldmlhdGluZyBmcm9tIHNlY3VyZSBwcm9jZWR1cmVzIHRocm91Z2ggdmFyaW91cyBtZXRob2RzLgo="
}, {
"uniqueId" : "c834c327-4cee-4420-b1f8-b24bea95f111",
"category" : "SQL Injection",
"fileName" : "file-c834c327-4cee-4420-b1f8-b24bea95f111/00000018.bin",
"vulnerabilityAbstract" : "SQL Injection found in file-c834c327-4cee-4420-b1f8-b24bea95f111/00000018.bin",
"lineNumber" : 22,
"confidence" : 2.941967,
"impact" : 200.696,
"priority" : "High",
"categoryId" : "c121",
"customStatus" : "NEW",
"artifact" : "artifact-c834c327-4cee-4420-b1f8-b24bea95fe88/00000008.jar",
"description" : "SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.",
"comment" : "",
"buildNumber" : "300.314668238163",
"lastChangeDate" : "2017-04-16T21:31:42.092Z",
"artifactBuildDate" : "2017-04-17T22:31:42.092Z",
"textBase64" : "RXhhbXBsZSBvZiBhIHRleHQgZW5jb2RlZCBpbiB0aGUgb3JpZ2luYWwgc2NhbiB0byBCYXNlNjQuIApGcm9tIFdpa2lwZWRpYTogCgpDb21wdXRlciBzZWN1cml0eSwgYWxzbyBrbm93biBhcyBjeWJlciBzZWN1cml0eSBvciBJVCBzZWN1cml0eSwgaXMgdGhlIHByb3RlY3Rpb24gb2YgY29tcHV0ZXIgc3lzdGVtcyBmcm9tIHRoZSB0aGVmdCBvciBkYW1hZ2UgdG8gdGhlaXIgaGFyZHdhcmUsIHNvZnR3YXJlIG9yIGluZm9ybWF0aW9uLCBhcyB3ZWxsIGFzIGZyb20gZGlzcnVwdGlvbiBvciBtaXNkaXJlY3Rpb24gb2YgdGhlIHNlcnZpY2VzIHRoZXkgcHJvdmlkZS4gCgpDeWJlciBzZWN1cml0eSBpbmNsdWRlcyBjb250cm9sbGluZyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGhhcmR3YXJlLCBhcyB3ZWxsIGFzIHByb3RlY3RpbmcgYWdhaW5zdCBoYXJtIHRoYXQgbWF5IGNvbWUgdmlhIG5ldHdvcmsgYWNjZXNzLCBkYXRhIGFuZCBjb2RlIGluamVjdGlvbi4gQWxzbywgZHVlIHRvIG1hbHByYWN0aWNlIGJ5IG9wZXJhdG9ycywgd2hldGhlciBpbnRlbnRpb25hbCwgYWNjaWRlbnRhbCwgSVQgc2VjdXJpdHkgaXMgc3VzY2VwdGlibGUgdG8gYmVpbmcgdHJpY2tlZCBpbnRvIGRldmlhdGluZyBmcm9tIHNlY3VyZSBwcm9jZWR1cmVzIHRocm91Z2ggdmFyaW91cyBtZXRob2RzLgo="
}, {
"uniqueId" : "c834c327-4cee-4420-b1f8-b24bea95fe55",
"category" : "SQL Injection",
"fileName" : "file-c834c327-4cee-4420-b1f8-b24bea95fe55/00000007.bin",
"vulnerabilityAbstract" : "SQL Injection found in file-c834c327-4cee-4420-b1f8-b24bea95fe55/00000007.bin",
"lineNumber" : 112,
"confidence" : 2.941967,
"impact" : 200.696,
"priority" : "High",
"categoryId" : "c121",
"customStatus" : "OPEN",
"artifact" : "artifact-c834c327-4cee-4420-b1f8-b24bea95fee3/00000002.jar",
"description" : "SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.",
"comment" : "",
"buildNumber" : "300.314668238163",
"lastChangeDate" : "2017-04-16T21:31:42.092Z",
"artifactBuildDate" : "2017-04-17T22:31:42.092Z",
"textBase64" : "RXhhbXBsZSBvZiBhIHRleHQgZW5jb2RlZCBpbiB0aGUgb3JpZ2luYWwgc2NhbiB0byBCYXNlNjQuIApGcm9tIFdpa2lwZWRpYTogCgpDb21wdXRlciBzZWN1cml0eSwgYWxzbyBrbm93biBhcyBjeWJlciBzZWN1cml0eSBvciBJVCBzZWN1cml0eSwgaXMgdGhlIHByb3RlY3Rpb24gb2YgY29tcHV0ZXIgc3lzdGVtcyBmcm9tIHRoZSB0aGVmdCBvciBkYW1hZ2UgdG8gdGhlaXIgaGFyZHdhcmUsIHNvZnR3YXJlIG9yIGluZm9ybWF0aW9uLCBhcyB3ZWxsIGFzIGZyb20gZGlzcnVwdGlvbiBvciBtaXNkaXJlY3Rpb24gb2YgdGhlIHNlcnZpY2VzIHRoZXkgcHJvdmlkZS4gCgpDeWJlciBzZWN1cml0eSBpbmNsdWRlcyBjb250cm9sbGluZyBwaHlzaWNhbCBhY2Nlc3MgdG8gdGhlIGhhcmR3YXJlLCBhcyB3ZWxsIGFzIHByb3RlY3RpbmcgYWdhaW5zdCBoYXJtIHRoYXQgbWF5IGNvbWUgdmlhIG5ldHdvcmsgYWNjZXNzLCBkYXRhIGFuZCBjb2RlIGluamVjdGlvbi4gQWxzbywgZHVlIHRvIG1hbHByYWN0aWNlIGJ5IG9wZXJhdG9ycywgd2hldGhlciBpbnRlbnRpb25hbCwgYWNjaWRlbnRhbCwgSVQgc2VjdXJpdHkgaXMgc3VzY2VwdGlibGUgdG8gYmVpbmcgdHJpY2tlZCBpbnRvIGRldmlhdGluZyBmcm9tIHNlY3VyZSBwcm9jZWR1cmVzIHRocm91Z2ggdmFyaW91cyBtZXRob2RzLgo="
} ],
"elapsed" : 68
}