findings.json

{"version":"1.144.1","results":[{"check_id":"javascript.lang.security.audit.code-string-concat.code-string-concat","path":"NodeGoat\\app\\routes\\contributions.js","start":{"line":32,"col":24,"offset":965},"end":{"line":32,"col":45,"offset":986},"extra":{"message":"Found data from an Express or Next web request flowing to `eval`. If this data is user-controllable this can lead to execution of arbitrary system commands in the context of your application process. Avoid `eval` whenever possible.","metadata":{"interfile":true,"confidence":"HIGH","owasp":["A03:2021 - Injection"],"cwe":["CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')"],"references":["https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval","https://nodejs.org/api/child_process.html#child_processexeccommand-options-callback","https://www.stackhawk.com/blog/nodejs-command-injection-examples-and-prevention/","https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_server_side_js_injection.html"],"category":"security","technology":["node.js","Express","Next.js"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Code Injection"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.code-string-concat.code-string-concat","shortlink":"https://sg.run/96Yk"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.code-string-concat.code-string-concat","path":"NodeGoat\\app\\routes\\contributions.js","start":{"line":33,"col":26,"offset":1014},"end":{"line":33,"col":49,"offset":1037},"extra":{"message":"Found data from an Express or Next web request flowing to `eval`. If this data is user-controllable this can lead to execution of arbitrary system commands in the context of your application process. Avoid `eval` whenever possible.","metadata":{"interfile":true,"confidence":"HIGH","owasp":["A03:2021 - Injection"],"cwe":["CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')"],"references":["https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval","https://nodejs.org/api/child_process.html#child_processexeccommand-options-callback","https://www.stackhawk.com/blog/nodejs-command-injection-examples-and-prevention/","https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_server_side_js_injection.html"],"category":"security","technology":["node.js","Express","Next.js"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Code Injection"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.code-string-concat.code-string-concat","shortlink":"https://sg.run/96Yk"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.lang.security.audit.code-string-concat.code-string-concat","path":"NodeGoat\\app\\routes\\contributions.js","start":{"line":34,"col":22,"offset":1061},"end":{"line":34,"col":41,"offset":1080},"extra":{"message":"Found data from an Express or Next web request flowing to `eval`. If this data is user-controllable this can lead to execution of arbitrary system commands in the context of your application process. Avoid `eval` whenever possible.","metadata":{"interfile":true,"confidence":"HIGH","owasp":["A03:2021 - Injection"],"cwe":["CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')"],"references":["https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval","https://nodejs.org/api/child_process.html#child_processexeccommand-options-callback","https://www.stackhawk.com/blog/nodejs-command-injection-examples-and-prevention/","https://ckarande.gitbooks.io/owasp-nodegoat-tutorial/content/tutorial/a1_-_server_side_js_injection.html"],"category":"security","technology":["node.js","Express","Next.js"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Code Injection"],"source":"https://semgrep.dev/r/javascript.lang.security.audit.code-string-concat.code-string-concat","shortlink":"https://sg.run/96Yk"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-open-redirect.express-open-redirect","path":"NodeGoat\\app\\routes\\index.js","start":{"line":72,"col":29,"offset":2942},"end":{"line":72,"col":42,"offset":2955},"extra":{"message":"The application redirects to a URL specified by user-supplied input `req` that is not validated. This could redirect users to malicious locations. Consider using an allow-list approach to validate URLs, or warn users they are being redirected to a third-party website.","metadata":{"technology":["express"],"references":["https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html"],"cwe":["CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"],"category":"security","owasp":["A01:2021 - Broken Access Control"],"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Open Redirect"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-open-redirect.express-open-redirect","shortlink":"https://sg.run/EpoP"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"html.security.plaintext-http-link.plaintext-http-link","path":"NodeGoat\\app\\views\\tutorial\\a2.html","start":{"line":207,"col":33,"offset":11433},"end":{"line":207,"col":198,"offset":11598},"extra":{"message":"This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible.","metadata":{"category":"security","technology":["html"],"cwe":["CWE-319: Cleartext Transmission of Sensitive Information"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"confidence":"HIGH","subcategory":["vuln"],"references":["https://cwe.mitre.org/data/definitions/319.html"],"likelihood":"LOW","impact":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Mishandled Sensitive Information"],"source":"https://semgrep.dev/r/html.security.plaintext-http-link.plaintext-http-link","shortlink":"https://sg.run/RA5q"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"html.security.plaintext-http-link.plaintext-http-link","path":"NodeGoat\\app\\views\\tutorial\\a2.html","start":{"line":209,"col":33,"offset":11667},"end":{"line":209,"col":97,"offset":11731},"extra":{"message":"This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible.","metadata":{"category":"security","technology":["html"],"cwe":["CWE-319: Cleartext Transmission of Sensitive Information"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"confidence":"HIGH","subcategory":["vuln"],"references":["https://cwe.mitre.org/data/definitions/319.html"],"likelihood":"LOW","impact":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Mishandled Sensitive Information"],"source":"https://semgrep.dev/r/html.security.plaintext-http-link.plaintext-http-link","shortlink":"https://sg.run/RA5q"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"html.security.plaintext-http-link.plaintext-http-link","path":"NodeGoat\\app\\views\\tutorial\\a2.html","start":{"line":210,"col":33,"offset":11796},"end":{"line":210,"col":118,"offset":11881},"extra":{"message":"This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible.","metadata":{"category":"security","technology":["html"],"cwe":["CWE-319: Cleartext Transmission of Sensitive Information"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"confidence":"HIGH","subcategory":["vuln"],"references":["https://cwe.mitre.org/data/definitions/319.html"],"likelihood":"LOW","impact":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Mishandled Sensitive Information"],"source":"https://semgrep.dev/r/html.security.plaintext-http-link.plaintext-http-link","shortlink":"https://sg.run/RA5q"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"html.security.plaintext-http-link.plaintext-http-link","path":"NodeGoat\\app\\views\\tutorial\\a5.html","start":{"line":50,"col":226,"offset":3133},"end":{"line":50,"col":282,"offset":3189},"extra":{"message":"This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible.","metadata":{"category":"security","technology":["html"],"cwe":["CWE-319: Cleartext Transmission of Sensitive Information"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"confidence":"HIGH","subcategory":["vuln"],"references":["https://cwe.mitre.org/data/definitions/319.html"],"likelihood":"LOW","impact":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Mishandled Sensitive Information"],"source":"https://semgrep.dev/r/html.security.plaintext-http-link.plaintext-http-link","shortlink":"https://sg.run/RA5q"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"html.security.plaintext-http-link.plaintext-http-link","path":"NodeGoat\\app\\views\\tutorial\\a5.html","start":{"line":51,"col":25,"offset":3219},"end":{"line":51,"col":95,"offset":3289},"extra":{"message":"This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible.","metadata":{"category":"security","technology":["html"],"cwe":["CWE-319: Cleartext Transmission of Sensitive Information"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"confidence":"HIGH","subcategory":["vuln"],"references":["https://cwe.mitre.org/data/definitions/319.html"],"likelihood":"LOW","impact":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Mishandled Sensitive Information"],"source":"https://semgrep.dev/r/html.security.plaintext-http-link.plaintext-http-link","shortlink":"https://sg.run/RA5q"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-cookie-settings.express-cookie-session-default-name","path":"NodeGoat\\server.js","start":{"line":78,"col":13,"offset":2914},"end":{"line":102,"col":7,"offset":3540},"extra":{"message":"Don’t use the default session cookie name Using the default session cookie name can open your app to attacks. The security issue posed is similar to X-Powered-By: a potential attacker can use it to fingerprint the server and target attacks accordingly.","metadata":{"cwe":["CWE-522: Insufficiently Protected Credentials"],"owasp":["A02:2017 - Broken Authentication","A04:2021 - Insecure Design"],"source-rule-url":"https://expressjs.com/en/advanced/best-practice-security.html","category":"security","technology":["express"],"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"LOW","confidence":"MEDIUM","references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-default-name","shortlink":"https://sg.run/1Z5x"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-domain","path":"NodeGoat\\server.js","start":{"line":78,"col":13,"offset":2914},"end":{"line":102,"col":7,"offset":3540},"extra":{"message":"Default session middleware settings: `domain` not set. It indicates the domain of the cookie; use it to compare against the domain of the server in which the URL is being requested. If they match, then check the path attribute next.","metadata":{"cwe":["CWE-522: Insufficiently Protected Credentials"],"owasp":["A02:2017 - Broken Authentication","A04:2021 - Insecure Design"],"source-rule-url":"https://expressjs.com/en/advanced/best-practice-security.html","category":"security","technology":["express"],"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"LOW","confidence":"MEDIUM","references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-domain","shortlink":"https://sg.run/rd41"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-expires","path":"NodeGoat\\server.js","start":{"line":78,"col":13,"offset":2914},"end":{"line":102,"col":7,"offset":3540},"extra":{"message":"Default session middleware settings: `expires` not set. Use it to set expiration date for persistent cookies.","metadata":{"cwe":["CWE-522: Insufficiently Protected Credentials"],"owasp":["A02:2017 - Broken Authentication","A04:2021 - Insecure Design"],"source-rule-url":"https://expressjs.com/en/advanced/best-practice-security.html","category":"security","technology":["express"],"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"LOW","confidence":"MEDIUM","references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-expires","shortlink":"https://sg.run/N4eG"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-httponly","path":"NodeGoat\\server.js","start":{"line":78,"col":13,"offset":2914},"end":{"line":102,"col":7,"offset":3540},"extra":{"message":"Default session middleware settings: `httpOnly` not set. It ensures the cookie is sent only over HTTP(S), not client JavaScript, helping to protect against cross-site scripting attacks.","metadata":{"cwe":["CWE-522: Insufficiently Protected Credentials"],"owasp":["A02:2017 - Broken Authentication","A04:2021 - Insecure Design"],"source-rule-url":"https://expressjs.com/en/advanced/best-practice-security.html","category":"security","technology":["express"],"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"LOW","confidence":"MEDIUM","references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-httponly","shortlink":"https://sg.run/ydBO"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-path","path":"NodeGoat\\server.js","start":{"line":78,"col":13,"offset":2914},"end":{"line":102,"col":7,"offset":3540},"extra":{"message":"Default session middleware settings: `path` not set. It indicates the path of the cookie; use it to compare against the request path. If this and domain match, then send the cookie in the request.","metadata":{"cwe":["CWE-522: Insufficiently Protected Credentials"],"owasp":["A02:2017 - Broken Authentication","A04:2021 - Insecure Design"],"source-rule-url":"https://expressjs.com/en/advanced/best-practice-security.html","category":"security","technology":["express"],"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"LOW","confidence":"MEDIUM","references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-path","shortlink":"https://sg.run/b7pd"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-secure","path":"NodeGoat\\server.js","start":{"line":78,"col":13,"offset":2914},"end":{"line":102,"col":7,"offset":3540},"extra":{"message":"Default session middleware settings: `secure` not set. It ensures the browser only sends the cookie over HTTPS.","metadata":{"cwe":["CWE-522: Insufficiently Protected Credentials"],"owasp":["A02:2017 - Broken Authentication","A04:2021 - Insecure Design"],"source-rule-url":"https://expressjs.com/en/advanced/best-practice-security.html","category":"security","technology":["express"],"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"LOW","confidence":"MEDIUM","references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-cookie-settings.express-cookie-session-no-secure","shortlink":"https://sg.run/9oKz"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"dockerfile.security.missing-user.missing-user","path":"PyGoat\\Dockerfile","start":{"line":33,"col":1,"offset":686},"end":{"line":33,"col":75,"offset":760},"extra":{"message":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.","fix":"USER non-root\nCMD [\"gunicorn\", \"--bind\", \"0.0.0.0:8000\", \"--workers\",\"6\", \"pygoat.wsgi\"]","metadata":{"cwe":["CWE-250: Execution with Unnecessary Privileges"],"category":"security","technology":["dockerfile"],"confidence":"MEDIUM","owasp":["A04:2021 - Insecure Design"],"references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Authorization"],"source":"https://semgrep.dev/r/dockerfile.security.missing-user.missing-user","shortlink":"https://sg.run/Gbvn"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.django.security.injection.command.subprocess-injection.subprocess-injection","path":"PyGoat\\challenge\\views.py","start":{"line":81,"col":19,"offset":3335},"end":{"line":81,"col":79,"offset":3395},"extra":{"message":"Detected user input entering a `subprocess` call unsafely. This could result in a command injection vulnerability. An attacker could use this vulnerability to execute arbitrary commands on the host, which allows them to download malware, scan sensitive data, or run any command they wish on the server. Do not let users choose the command to run. In general, prefer to use Python API versions of system commands. If you must use subprocess, use a dictionary to allowlist a set of commands.","metadata":{"category":"security","technology":["flask"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"cwe":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"references":["https://semgrep.dev/docs/cheat-sheets/python-command-injection/"],"confidence":"HIGH","cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Command Injection"],"source":"https://semgrep.dev/r/python.django.security.injection.command.subprocess-injection.subprocess-injection","shortlink":"https://sg.run/49BE"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"dockerfile.security.missing-user.missing-user","path":"PyGoat\\dockerized_labs\\broken_auth_lab\\Dockerfile","start":{"line":21,"col":1,"offset":381},"end":{"line":21,"col":25,"offset":405},"extra":{"message":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.","fix":"USER non-root\nCMD [\"python\", \"app.py\"]","metadata":{"cwe":["CWE-250: Execution with Unnecessary Privileges"],"category":"security","technology":["dockerfile"],"confidence":"MEDIUM","owasp":["A04:2021 - Insecure Design"],"references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Authorization"],"source":"https://semgrep.dev/r/dockerfile.security.missing-user.missing-user","shortlink":"https://sg.run/Gbvn"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.lang.security.insecure-hash-algorithms-md5.insecure-hash-algorithm-md5","path":"PyGoat\\dockerized_labs\\broken_auth_lab\\app.py","start":{"line":86,"col":21,"offset":2803},"end":{"line":86,"col":70,"offset":2852},"extra":{"message":"Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.","metadata":{"source-rule-url":"https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L59","cwe":["CWE-327: Use of a Broken or Risky Cryptographic Algorithm"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"bandit-code":"B303","asvs":{"control_id":"6.2.2 Insecure Custom Algorithm","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x14-V6-Cryptography.md#v62-algorithms","section":"V6 Stored Cryptography Verification Requirements","version":"4"},"references":["https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html","https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/sha-1-collision-signals-the-end-of-the-algorithm-s-viability","http://2012.sharcs.org/slides/stevens.pdf","https://pycryptodome.readthedocs.io/en/latest/src/hash/sha3_256.html"],"category":"security","technology":["python"],"subcategory":["vuln"],"likelihood":"LOW","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/python.lang.security.insecure-hash-algorithms-md5.insecure-hash-algorithm-md5","shortlink":"https://sg.run/vYrY"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.flask.security.audit.app-run-param-config.avoid_app_run_with_bad_host","path":"PyGoat\\dockerized_labs\\broken_auth_lab\\app.py","start":{"line":123,"col":5,"offset":4088},"end":{"line":123,"col":51,"offset":4134},"extra":{"message":"Running flask app with host 0.0.0.0 could expose the server publicly.","metadata":{"cwe":["CWE-668: Exposure of Resource to Wrong Sphere"],"owasp":["A01:2021 - Broken Access Control"],"category":"security","technology":["flask"],"references":["https://owasp.org/Top10/A01_2021-Broken_Access_Control"],"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Other"],"source":"https://semgrep.dev/r/python.flask.security.audit.app-run-param-config.avoid_app_run_with_bad_host","shortlink":"https://sg.run/eLby"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.flask.security.audit.debug-enabled.debug-enabled","path":"PyGoat\\dockerized_labs\\broken_auth_lab\\app.py","start":{"line":123,"col":5,"offset":4088},"end":{"line":123,"col":51,"offset":4134},"extra":{"message":"Detected Flask app with debug=True. Do not deploy to production with this flag enabled as it will leak sensitive information. Instead, consider using Flask configuration variables or setting 'debug' using system environment variables.","metadata":{"cwe":["CWE-489: Active Debug Code"],"owasp":"A06:2017 - Security Misconfiguration","references":["https://labs.detectify.com/2015/10/02/how-patreon-got-hacked-publicly-exposed-werkzeug-debugger/"],"category":"security","technology":["flask"],"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Active Debug Code"],"source":"https://semgrep.dev/r/python.flask.security.audit.debug-enabled.debug-enabled","shortlink":"https://sg.run/dKrd"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"dockerfile.security.missing-user.missing-user","path":"PyGoat\\dockerized_labs\\insec_des_lab\\Dockerfile","start":{"line":15,"col":1,"offset":200},"end":{"line":15,"col":47,"offset":246},"extra":{"message":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.","fix":"USER non-root\nCMD [\"flask\", \"run\", \"--debug\", \"--port=8080\"]","metadata":{"cwe":["CWE-250: Execution with Unnecessary Privileges"],"category":"security","technology":["dockerfile"],"confidence":"MEDIUM","owasp":["A04:2021 - Insecure Design"],"references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Authorization"],"source":"https://semgrep.dev/r/dockerfile.security.missing-user.missing-user","shortlink":"https://sg.run/Gbvn"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.flask.security.audit.app-run-param-config.avoid_app_run_with_bad_host","path":"PyGoat\\dockerized_labs\\insec_des_lab\\main.py","start":{"line":51,"col":5,"offset":1740},"end":{"line":51,"col":39,"offset":1774},"extra":{"message":"Running flask app with host 0.0.0.0 could expose the server publicly.","metadata":{"cwe":["CWE-668: Exposure of Resource to Wrong Sphere"],"owasp":["A01:2021 - Broken Access Control"],"category":"security","technology":["flask"],"references":["https://owasp.org/Top10/A01_2021-Broken_Access_Control"],"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Other"],"source":"https://semgrep.dev/r/python.flask.security.audit.app-run-param-config.avoid_app_run_with_bad_host","shortlink":"https://sg.run/eLby"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"dockerfile.security.missing-user-entrypoint.missing-user-entrypoint","path":"PyGoat\\dockerized_labs\\sensitive_data_exposure\\Dockerfile","start":{"line":18,"col":1,"offset":294},"end":{"line":18,"col":30,"offset":323},"extra":{"message":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.","fix":"USER non-root\nENTRYPOINT [\"/entrypoint.sh\"]","metadata":{"cwe":["CWE-269: Improper Privilege Management"],"category":"security","technology":["dockerfile"],"confidence":"MEDIUM","owasp":["A04:2021 - Insecure Design"],"references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Authorization"],"source":"https://semgrep.dev/r/dockerfile.security.missing-user-entrypoint.missing-user-entrypoint","shortlink":"https://sg.run/k281"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"dockerfile.security.missing-user.missing-user","path":"PyGoat\\dockerized_labs\\sensitive_data_exposure\\Dockerfile","start":{"line":19,"col":1,"offset":325},"end":{"line":19,"col":57,"offset":381},"extra":{"message":"By not specifying a USER, a program in the container may run as 'root'. This is a security hazard. If an attacker can control a process running as root, they may have control over the container. Ensure that the last USER in a Dockerfile is a USER other than 'root'.","fix":"USER non-root\nCMD [\"python\", \"manage.py\", \"runserver\", \"0.0.0.0:8000\"]","metadata":{"cwe":["CWE-250: Execution with Unnecessary Privileges"],"category":"security","technology":["dockerfile"],"confidence":"MEDIUM","owasp":["A04:2021 - Insecure Design"],"references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Authorization"],"source":"https://semgrep.dev/r/dockerfile.security.missing-user.missing-user","shortlink":"https://sg.run/Gbvn"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.django.security.injection.request-data-write.request-data-write","path":"PyGoat\\introduction\\apis.py","start":{"line":64,"col":9,"offset":2569},"end":{"line":70,"col":26,"offset":2906},"extra":{"message":"Found user-controlled request data passed into '.write(...)'. This could be dangerous if a malicious actor is able to control data into sensitive files. For example, a malicious actor could force rolling of critical log files, or cause a denial-of-service by using up available disk space. Instead, ensure that request data is properly escaped or sanitized.","metadata":{"cwe":["CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')"],"owasp":["A03:2021 - Injection"],"category":"security","technology":["django"],"references":["https://owasp.org/Top10/A03_2021-Injection"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/python.django.security.injection.request-data-write.request-data-write","shortlink":"https://sg.run/0Q6j"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.django.security.injection.request-data-write.request-data-write","path":"PyGoat\\introduction\\apis.py","start":{"line":65,"col":9,"offset":2618},"end":{"line":73,"col":26,"offset":2988},"extra":{"message":"Found user-controlled request data passed into '.write(...)'. This could be dangerous if a malicious actor is able to control data into sensitive files. For example, a malicious actor could force rolling of critical log files, or cause a denial-of-service by using up available disk space. Instead, ensure that request data is properly escaped or sanitized.","metadata":{"cwe":["CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')"],"owasp":["A03:2021 - Injection"],"category":"security","technology":["django"],"references":["https://owasp.org/Top10/A03_2021-Injection"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/python.django.security.injection.request-data-write.request-data-write","shortlink":"https://sg.run/0Q6j"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.django.security.injection.request-data-write.request-data-write","path":"PyGoat\\introduction\\apis.py","start":{"line":130,"col":9,"offset":5040},"end":{"line":134,"col":22,"offset":5241},"extra":{"message":"Found user-controlled request data passed into '.write(...)'. This could be dangerous if a malicious actor is able to control data into sensitive files. For example, a malicious actor could force rolling of critical log files, or cause a denial-of-service by using up available disk space. Instead, ensure that request data is properly escaped or sanitized.","metadata":{"cwe":["CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')"],"owasp":["A03:2021 - Injection"],"category":"security","technology":["django"],"references":["https://owasp.org/Top10/A03_2021-Injection"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Improper Validation"],"source":"https://semgrep.dev/r/python.django.security.injection.request-data-write.request-data-write","shortlink":"https://sg.run/0Q6j"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.lang.security.insecure-hash-algorithms-md5.insecure-hash-algorithm-md5","path":"PyGoat\\introduction\\mitre.py","start":{"line":161,"col":20,"offset":4526},"end":{"line":161,"col":42,"offset":4548},"extra":{"message":"Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use SHA256 or SHA3 instead.","metadata":{"source-rule-url":"https://github.com/PyCQA/bandit/blob/d5f8fa0d89d7b11442fc6ec80ca42953974354c8/bandit/blacklists/calls.py#L59","cwe":["CWE-327: Use of a Broken or Risky Cryptographic Algorithm"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"bandit-code":"B303","asvs":{"control_id":"6.2.2 Insecure Custom Algorithm","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x14-V6-Cryptography.md#v62-algorithms","section":"V6 Stored Cryptography Verification Requirements","version":"4"},"references":["https://www.schneier.com/blog/archives/2012/10/when_will_we_se.html","https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/sha-1-collision-signals-the-end-of-the-algorithm-s-viability","http://2012.sharcs.org/slides/stevens.pdf","https://pycryptodome.readthedocs.io/en/latest/src/hash/sha3_256.html"],"category":"security","technology":["python"],"subcategory":["vuln"],"likelihood":"LOW","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/python.lang.security.insecure-hash-algorithms-md5.insecure-hash-algorithm-md5","shortlink":"https://sg.run/vYrY"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.lang.security.audit.md5-used-as-password.md5-used-as-password","path":"PyGoat\\introduction\\mitre.py","start":{"line":161,"col":20,"offset":4526},"end":{"line":161,"col":54,"offset":4560},"extra":{"message":"It looks like MD5 is used as a password hash. MD5 is not considered a secure password hash because it can be cracked by an attacker in a short amount of time. Use a suitable password hashing function such as scrypt. You can use `hashlib.scrypt`.","metadata":{"cwe":["CWE-327: Use of a Broken or Risky Cryptographic Algorithm"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"references":["https://tools.ietf.org/html/rfc6151","https://crypto.stackexchange.com/questions/44151/how-does-the-flame-malware-take-advantage-of-md5-collision","https://pycryptodome.readthedocs.io/en/latest/src/hash/sha3_256.html","https://security.stackexchange.com/questions/211/how-to-securely-hash-passwords","https://github.com/returntocorp/semgrep-rules/issues/1609","https://docs.python.org/3/library/hashlib.html#hashlib.scrypt"],"category":"security","technology":["pycryptodome","hashlib","md5"],"subcategory":["vuln"],"likelihood":"HIGH","impact":"LOW","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/python.lang.security.audit.md5-used-as-password.md5-used-as-password","shortlink":"https://sg.run/5DwD"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret","path":"PyGoat\\introduction\\mitre.py","start":{"line":169,"col":22,"offset":4899},"end":{"line":169,"col":82,"offset":4959},"extra":{"message":"Hardcoded JWT secret or private key is used. This is a Insufficiently Protected Credentials weakness: https://cwe.mitre.org/data/definitions/522.html Consider using an appropriate security mechanism to protect the credentials (e.g. keeping secrets in environment variables)","metadata":{"cwe":["CWE-522: Insufficiently Protected Credentials"],"owasp":["A02:2017 - Broken Authentication","A04:2021 - Insecure Design"],"references":["https://semgrep.dev/blog/2020/hardcoded-secrets-unverified-tokens-and-other-common-jwt-mistakes/"],"category":"security","technology":["jwt"],"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/python.jwt.security.jwt-hardcode.jwt-python-hardcoded-secret","shortlink":"https://sg.run/l2E9"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.django.security.injection.code.user-eval.user-eval","path":"PyGoat\\introduction\\mitre.py","start":{"line":217,"col":9,"offset":6868},"end":{"line":218,"col":34,"offset":6946},"extra":{"message":"Found user data in a call to 'eval'. This is extremely dangerous because it can enable an attacker to execute arbitrary remote code on the system. Instead, refactor your code to not use 'eval' and instead use a safe library for the specific functionality you need.","metadata":{"cwe":["CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')"],"owasp":["A03:2021 - Injection"],"references":["https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html","https://owasp.org/www-community/attacks/Code_Injection"],"category":"security","technology":["django"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"HIGH","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Code Injection"],"source":"https://semgrep.dev/r/python.django.security.injection.code.user-eval.user-eval","shortlink":"https://sg.run/PJDW"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"python.lang.security.audit.subprocess-shell-true.subprocess-shell-true","path":"PyGoat\\introduction\\mitre.py","start":{"line":233,"col":47,"offset":7352},"end":{"line":233,"col":51,"offset":7356},"extra":{"message":"Found 'subprocess' function 'Popen' with 'shell=True'. This is dangerous because this call will spawn the command using a shell process. Doing so propagates current shell settings and variables, which makes it much easier for a malicious actor to execute commands. Use 'shell=False' instead.","fix":"False","metadata":{"source-rule-url":"https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html","owasp":["A01:2017 - Injection","A03:2021 - Injection"],"cwe":["CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"],"references":["https://stackoverflow.com/questions/3172470/actual-meaning-of-shell-true-in-subprocess","https://docs.python.org/3/library/subprocess.html"],"category":"security","technology":["python"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["secure default"],"likelihood":"HIGH","impact":"LOW","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Command Injection"],"source":"https://semgrep.dev/r/python.lang.security.audit.subprocess-shell-true.subprocess-shell-true","shortlink":"https://sg.run/J92w"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.aws.security.aws-db-instance-no-logging.aws-db-instance-no-logging","path":"TerraGoat\\terraform\\aws\\db-app.tf","start":{"line":1,"col":1,"offset":0},"end":{"line":41,"col":2,"offset":1542},"extra":{"message":"Database instance has no logging. Missing logs can cause missing important event information.","metadata":{"owasp":["A03:2017 - Sensitive Data Exposure","A04:2021 - Insecure Design"],"cwe":["CWE-311: Missing Encryption of Sensitive Data"],"technology":["aws","terraform"],"category":"security","references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"LOW","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/terraform.aws.security.aws-db-instance-no-logging.aws-db-instance-no-logging","shortlink":"https://sg.run/GyAp"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.aws.security.aws-rds-backup-no-retention.aws-rds-backup-no-retention","path":"TerraGoat\\terraform\\aws\\db-app.tf","start":{"line":1,"col":1,"offset":0},"end":{"line":41,"col":2,"offset":1542},"extra":{"message":"The AWS RDS has no retention. Missing retention can cause losing important event information. To fix this, set a `backup_retention_period`.","metadata":{"owasp":["A03:2017 - Sensitive Data Exposure"],"cwe":["CWE-320: CWE CATEGORY: Key Management Errors"],"technology":["aws","terraform"],"category":"security","references":["https://owasp.org/Top10/A02_2021-Cryptographic_Failures"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/terraform.aws.security.aws-rds-backup-no-retention.aws-rds-backup-no-retention","shortlink":"https://sg.run/OyYB"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.lang.security.ec2-imdsv1-optional.ec2-imdsv1-optional","path":"TerraGoat\\terraform\\aws\\db-app.tf","start":{"line":242,"col":1,"offset":7488},"end":{"line":412,"col":2,"offset":12347},"extra":{"message":"AWS EC2 Instance allowing use of the IMDSv1","metadata":{"cwe":["CWE-918: Server-Side Request Forgery (SSRF)"],"references":["https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#metadata-options"],"category":"security","technology":["terraform","aws"],"owasp":["A10:2021 - Server-Side Request Forgery (SSRF)"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"LOW","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Server-Side Request Forgery (SSRF)"],"source":"https://semgrep.dev/r/terraform.lang.security.ec2-imdsv1-optional.ec2-imdsv1-optional","shortlink":"https://sg.run/J3BQ"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.lang.security.ec2-imdsv1-optional.ec2-imdsv1-optional","path":"TerraGoat\\terraform\\aws\\ec2.tf","start":{"line":1,"col":1,"offset":0},"end":{"line":32,"col":2,"offset":1144},"extra":{"message":"AWS EC2 Instance allowing use of the IMDSv1","metadata":{"cwe":["CWE-918: Server-Side Request Forgery (SSRF)"],"references":["https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#metadata-options"],"category":"security","technology":["terraform","aws"],"owasp":["A10:2021 - Server-Side Request Forgery (SSRF)"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"LOW","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Server-Side Request Forgery (SSRF)"],"source":"https://semgrep.dev/r/terraform.lang.security.ec2-imdsv1-optional.ec2-imdsv1-optional","shortlink":"https://sg.run/J3BQ"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.aws.security.aws-ebs-volume-unencrypted.aws-ebs-volume-unencrypted","path":"TerraGoat\\terraform\\aws\\ec2.tf","start":{"line":34,"col":1,"offset":1148},"end":{"line":51,"col":2,"offset":1858},"extra":{"message":"The AWS EBS volume is unencrypted. The volume, the disk I/O and any derived snapshots could be read if compromised. Volumes should be encrypted to ensure sensitive data is stored securely.","metadata":{"category":"security","technology":["terraform","aws"],"owasp":["A03:2017 - Sensitive Data Exposure","A04:2021 - Insecure Design"],"cwe":["CWE-311: Missing Encryption of Sensitive Data"],"references":["https://owasp.org/Top10/A04_2021-Insecure_Design","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ebs_volume#encrypted","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html"],"subcategory":["audit"],"likelihood":"MEDIUM","impact":"HIGH","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/terraform.aws.security.aws-ebs-volume-unencrypted.aws-ebs-volume-unencrypted","shortlink":"https://sg.run/6ZbY"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address","path":"TerraGoat\\terraform\\aws\\ec2.tf","start":{"line":135,"col":1,"offset":4474},"end":{"line":153,"col":2,"offset":5187},"extra":{"message":"Resources in the AWS subnet are assigned a public IP address. Resources should not be exposed on the public internet, but should have access limited to consumers required for the function of your application. Set `map_public_ip_on_launch` to false so that resources are not publicly-accessible.","metadata":{"category":"security","technology":["terraform","aws"],"owasp":["A01:2021 - Broken Access Control"],"cwe":["CWE-1220: Insufficient Granularity of Access Control"],"references":["https://owasp.org/Top10/A01_2021-Broken_Access_Control/","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet#map_public_ip_on_launch","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Other"],"source":"https://semgrep.dev/r/terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address","shortlink":"https://sg.run/XJZw"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address","path":"TerraGoat\\terraform\\aws\\ec2.tf","start":{"line":155,"col":1,"offset":5191},"end":{"line":173,"col":2,"offset":5906},"extra":{"message":"Resources in the AWS subnet are assigned a public IP address. Resources should not be exposed on the public internet, but should have access limited to consumers required for the function of your application. Set `map_public_ip_on_launch` to false so that resources are not publicly-accessible.","metadata":{"category":"security","technology":["terraform","aws"],"owasp":["A01:2021 - Broken Access Control"],"cwe":["CWE-1220: Insufficient Granularity of Access Control"],"references":["https://owasp.org/Top10/A01_2021-Broken_Access_Control/","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet#map_public_ip_on_launch","https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses"],"subcategory":["audit"],"likelihood":"LOW","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Other"],"source":"https://semgrep.dev/r/terraform.aws.security.aws-subnet-has-public-ip-address.aws-subnet-has-public-ip-address","shortlink":"https://sg.run/XJZw"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.aws.security.aws-kms-no-rotation.aws-kms-no-rotation","path":"TerraGoat\\terraform\\aws\\kms.tf","start":{"line":1,"col":1,"offset":0},"end":{"line":16,"col":2,"offset":606},"extra":{"message":"The AWS KMS has no rotation. Missing rotation can cause leaked key to be used by attackers. To fix this, set a `enable_key_rotation`.","metadata":{"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"cwe":["CWE-326: Inadequate Encryption Strength"],"technology":["aws","terraform"],"category":"security","references":["https://owasp.org/Top10/A02_2021-Cryptographic_Failures"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/terraform.aws.security.aws-kms-no-rotation.aws-kms-no-rotation","shortlink":"https://sg.run/kz47"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.aws.security.aws-lambda-x-ray-tracing-not-active.aws-lambda-x-ray-tracing-not-active","path":"TerraGoat\\terraform\\aws\\lambda.tf","start":{"line":31,"col":1,"offset":801},"end":{"line":58,"col":2,"offset":1843},"extra":{"message":"The AWS Lambda function does not have active X-Ray tracing enabled. X-Ray tracing enables end-to-end debugging and analysis of all function activity. This makes it easier to trace the flow of logs and identify bottlenecks, slow downs and timeouts.","metadata":{"category":"security","technology":["aws","terraform"],"owasp":["A09:2021 Security Logging and Monitoring Failures"],"cwe":["CWE-778: Insufficient Logging"],"references":["https://cwe.mitre.org/data/definitions/778.html","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#mode","https://docs.aws.amazon.com/lambda/latest/dg/services-xray.html"],"subcategory":["audit"],"likelihood":"LOW","impact":"LOW","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Insufficient Logging"],"source":"https://semgrep.dev/r/terraform.aws.security.aws-lambda-x-ray-tracing-not-active.aws-lambda-x-ray-tracing-not-active","shortlink":"https://sg.run/wO2Y"},"severity":"INFO","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.aws.security.aws-provider-static-credentials.aws-provider-static-credentials","path":"TerraGoat\\terraform\\aws\\providers.tf","start":{"line":11,"col":17,"offset":225},"end":{"line":11,"col":57,"offset":265},"extra":{"message":"A hard-coded credential was detected. It is not recommended to store credentials in source-code, as this risks secrets being leaked and used by either an internal or external malicious adversary. It is recommended to use environment variables to securely provide credentials or retrieve credentials from a secure vault or HSM (Hardware Security Module).","metadata":{"technology":["secrets","aws","terraform"],"category":"security","cwe":["CWE-798: Use of Hard-coded Credentials"],"references":["https://cheatsheetseries.owasp.org/cheatsheets/Secrets_Management_Cheat_Sheet.html"],"owasp":["A07:2021 - Identification and Authentication Failures"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Hard-coded Secrets"],"source":"https://semgrep.dev/r/terraform.aws.security.aws-provider-static-credentials.aws-provider-static-credentials","shortlink":"https://sg.run/L3kn"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.azure.security.azure-key-no-expiration-date.azure-key-no-expiration-date","path":"TerraGoat\\terraform\\azure\\key_vault.tf","start":{"line":33,"col":1,"offset":1157},"end":{"line":33,"col":9,"offset":1165},"extra":{"message":"Ensure that the expiration date is set on all keys","metadata":{"owasp":["A03:2017 - Sensitive Data Exposure"],"cwe":["CWE-320: CWE CATEGORY: Key Management Errors"],"category":"security","technology":["terraform","azure"],"references":["https://owasp.org/Top10/A02_2021-Cryptographic_Failures"],"subcategory":["vuln"],"likelihood":"LOW","impact":"LOW","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/terraform.azure.security.azure-key-no-expiration-date.azure-key-no-expiration-date","shortlink":"https://sg.run/J1vw"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.azure.security.storage.storage-use-secure-tls-policy.storage-use-secure-tls-policy","path":"TerraGoat\\terraform\\azure\\storage.tf","start":{"line":23,"col":1,"offset":802},"end":{"line":60,"col":2,"offset":2184},"extra":{"message":"Azure Storage currently supports three versions of the TLS protocol: 1.0, 1.1, and 1.2. Azure Storage uses TLS 1.2 on public HTTPS endpoints, but TLS 1.0 and TLS 1.1 are still supported for backward compatibility. This check will warn if the minimum TLS is not set to TLS1_2.","metadata":{"cwe":["CWE-326: Inadequate Encryption Strength"],"category":"security","technology":["terraform","azure"],"references":["https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#min_tls_version","https://docs.microsoft.com/en-us/azure/storage/common/transport-layer-security-configure-minimum-version"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/terraform.azure.security.storage.storage-use-secure-tls-policy.storage-use-secure-tls-policy","shortlink":"https://sg.run/KXD7"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.gcp.security.gcp-cloud-storage-logging.gcp-cloud-storage-logging","path":"TerraGoat\\terraform\\gcp\\gcs.tf","start":{"line":1,"col":1,"offset":0},"end":{"line":14,"col":2,"offset":561},"extra":{"message":"Ensure bucket logs access.","metadata":{"owasp":["A10:2017 - Insufficient Logging & Monitoring","A09:2021 - Security Logging and Monitoring Failures"],"cwe":["CWE-778: Insufficient Logging"],"technology":["terraform","gcp"],"category":"security","references":["https://docs.bridgecrew.io/docs/google-cloud-policy-index"],"subcategory":["vuln"],"likelihood":"LOW","impact":"LOW","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Insufficient Logging"],"source":"https://semgrep.dev/r/terraform.gcp.security.gcp-cloud-storage-logging.gcp-cloud-storage-logging","shortlink":"https://sg.run/5g5D"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.spring.security.injection.tainted-sql-string.tainted-sql-string","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge5\\Assignment5.java","start":{"line":45,"col":15,"offset":1831},"end":{"line":49,"col":24,"offset":2025},"extra":{"message":"User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`connection.PreparedStatement`) or a safe library.","metadata":{"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"references":["https://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html"],"category":"security","technology":["spring"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","interfile":true,"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/java.spring.security.injection.tainted-sql-string.tainted-sql-string","shortlink":"https://sg.run/9rzz"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.lang.security.audit.formatted-sql-string.formatted-sql-string","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge5\\Assignment5.java","start":{"line":50,"col":29,"offset":2057},"end":{"line":50,"col":53,"offset":2081},"extra":{"message":"Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements (java.sql.PreparedStatement) instead. You can obtain a PreparedStatement using 'connection.prepareStatement'.","metadata":{"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"source-rule-url":"https://find-sec-bugs.github.io/bugs.htm#SQL_INJECTION","asvs":{"control_id":"5.3.5 Injection","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v53-output-encoding-and-injection-prevention-requirements","section":"V5: Validation, Sanitization and Encoding Verification Requirements","version":"4"},"references":["https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html#create_ps","https://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement"],"category":"security","technology":["java"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/java.lang.security.audit.formatted-sql-string.formatted-sql-string","shortlink":"https://sg.run/OPXp"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.lang.security.audit.tainted-session-from-http-request.tainted-session-from-http-request","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\cryptography\\EncodingAssignment.java","start":{"line":39,"col":54,"offset":1747},"end":{"line":39,"col":63,"offset":1756},"extra":{"message":"Detected input from a HTTPServletRequest going into a session command, like `setAttribute`. User input into such a command could lead to an attacker inputting malicious code into your session parameters, blurring the line between what's trusted and untrusted, and therefore leading to a trust boundary violation. This could lead to programmers trusting unvalidated data. Instead, thoroughly sanitize user input before passing it into such function calls.","metadata":{"category":"security","technology":["java"],"cwe":["CWE-501: Trust Boundary Violation"],"owasp":["A04:2021 - Insecure Design"],"references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"subcategory":["vuln"],"impact":"MEDIUM","likelihood":"MEDIUM","confidence":"MEDIUM","interfile":true,"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Other"],"source":"https://semgrep.dev/r/java.lang.security.audit.tainted-session-from-http-request.tainted-session-from-http-request","shortlink":"https://sg.run/QbDZ"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.lang.security.audit.crypto.use-of-md5.use-of-md5","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\cryptography\\HashingAssignment.java","start":{"line":39,"col":52,"offset":1767},"end":{"line":39,"col":57,"offset":1772},"extra":{"message":"Detected MD5 hash algorithm which is considered insecure. MD5 is not collision resistant and is therefore not suitable as a cryptographic signature. Use HMAC instead.","fix":"\"SHA-512\"","metadata":{"functional-categories":["crypto::search::hash-algorithm::java.security"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"cwe":["CWE-328: Use of Weak Hash"],"source-rule-url":"https://find-sec-bugs.github.io/bugs.htm#WEAK_MESSAGE_DIGEST_MD5","category":"security","technology":["java"],"references":["https://owasp.org/Top10/A02_2021-Cryptographic_Failures"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"HIGH","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Insecure Hashing Algorithm"],"source":"https://semgrep.dev/r/java.lang.security.audit.crypto.use-of-md5.use-of-md5","shortlink":"https://sg.run/ryJn"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.spring.security.injection.tainted-url-host.tainted-url-host","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\claimmisuse\\JWTHeaderJKUEndpoint.java","start":{"line":57,"col":50,"offset":2174},"end":{"line":57,"col":73,"offset":2197},"extra":{"message":"User data flows into the host portion of this manually-constructed URL. This could allow an attacker to send data to their own server, potentially exposing sensitive data such as cookies or authorization information sent with this request. They could also probe internal servers or other resources that the server running this code can access. (This is called server-side request forgery, or SSRF.) Do not allow arbitrary hosts. Instead, create an allowlist for approved hosts, hardcode the correct host, or ensure that the user data can only affect the path or parameters.","metadata":{"cwe":["CWE-918: Server-Side Request Forgery (SSRF)"],"owasp":["A10:2021 - Server-Side Request Forgery (SSRF)"],"references":["https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html"],"category":"security","technology":["java","spring"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"impact":"MEDIUM","likelihood":"MEDIUM","confidence":"MEDIUM","interfile":true,"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Server-Side Request Forgery (SSRF)"],"source":"https://semgrep.dev/r/java.spring.security.injection.tainted-url-host.tainted-url-host","shortlink":"https://sg.run/vkYn"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.spring.security.audit.spring-unvalidated-redirect.spring-unvalidated-redirect","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirectRealRedirect.java","start":{"line":18,"col":3,"offset":552},"end":{"line":22,"col":4,"offset":758},"extra":{"message":"Application redirects a user to a destination URL specified by a user supplied parameter that is not validated.","metadata":{"cwe":["CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"],"owasp":["A01:2021 - Broken Access Control"],"source-rule-url":"https://find-sec-bugs.github.io/bugs.htm#UNVALIDATED_REDIRECT","category":"security","technology":["spring"],"references":["https://owasp.org/Top10/A01_2021-Broken_Access_Control"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Open Redirect"],"source":"https://semgrep.dev/r/java.spring.security.audit.spring-unvalidated-redirect.spring-unvalidated-redirect","shortlink":"https://sg.run/9oXz"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.lang.security.httpservlet-path-traversal.httpservlet-path-traversal","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\pathtraversal\\ProfileUploadRetrieval.java","start":{"line":100,"col":11,"offset":4057},"end":{"line":101,"col":98,"offset":4168},"extra":{"message":"Detected a potential path traversal. A malicious actor could control the location of this file, to include going backwards in the directory with '../'. To address this, ensure that user-controlled variables in file paths are sanitized. You may also consider using a utility method such as org.apache.commons.io.FilenameUtils.getName(...) to only retrieve the file name from the path.","metadata":{"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control"],"source-rule-url":"https://find-sec-bugs.github.io/bugs.htm#PATH_TRAVERSAL_IN","references":["https://www.owasp.org/index.php/Path_Traversal"],"category":"security","technology":["java"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/java.lang.security.httpservlet-path-traversal.httpservlet-path-traversal","shortlink":"https://sg.run/oxXN"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.spring.security.injection.tainted-sql-string.tainted-sql-string","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\advanced\\SqlInjectionChallenge.java","start":{"line":55,"col":13,"offset":2043},"end":{"line":55,"col":87,"offset":2117},"extra":{"message":"User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`connection.PreparedStatement`) or a safe library.","metadata":{"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"references":["https://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html"],"category":"security","technology":["spring"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","interfile":true,"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/java.spring.security.injection.tainted-sql-string.tainted-sql-string","shortlink":"https://sg.run/9rzz"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.lang.security.audit.formatted-sql-string.formatted-sql-string","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\advanced\\SqlInjectionChallenge.java","start":{"line":57,"col":31,"offset":2211},"end":{"line":57,"col":69,"offset":2249},"extra":{"message":"Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements (java.sql.PreparedStatement) instead. You can obtain a PreparedStatement using 'connection.prepareStatement'.","metadata":{"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"source-rule-url":"https://find-sec-bugs.github.io/bugs.htm#SQL_INJECTION","asvs":{"control_id":"5.3.5 Injection","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v53-output-encoding-and-injection-prevention-requirements","section":"V5: Validation, Sanitization and Encoding Verification Requirements","version":"4"},"references":["https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html#create_ps","https://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement"],"category":"security","technology":["java"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/java.lang.security.audit.formatted-sql-string.formatted-sql-string","shortlink":"https://sg.run/OPXp"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.lang.security.audit.formatted-sql-string.formatted-sql-string","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson10.java","start":{"line":56,"col":29,"offset":2131},"end":{"line":56,"col":58,"offset":2160},"extra":{"message":"Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements (java.sql.PreparedStatement) instead. You can obtain a PreparedStatement using 'connection.prepareStatement'.","metadata":{"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"source-rule-url":"https://find-sec-bugs.github.io/bugs.htm#SQL_INJECTION","asvs":{"control_id":"5.3.5 Injection","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v53-output-encoding-and-injection-prevention-requirements","section":"V5: Validation, Sanitization and Encoding Verification Requirements","version":"4"},"references":["https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html#create_ps","https://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement"],"category":"security","technology":["java"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/java.lang.security.audit.formatted-sql-string.formatted-sql-string","shortlink":"https://sg.run/OPXp"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.lang.security.audit.formatted-sql-string.formatted-sql-string","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson5a.java","start":{"line":52,"col":29,"offset":2493},"end":{"line":52,"col":58,"offset":2522},"extra":{"message":"Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements (java.sql.PreparedStatement) instead. You can obtain a PreparedStatement using 'connection.prepareStatement'.","metadata":{"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"source-rule-url":"https://find-sec-bugs.github.io/bugs.htm#SQL_INJECTION","asvs":{"control_id":"5.3.5 Injection","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v53-output-encoding-and-injection-prevention-requirements","section":"V5: Validation, Sanitization and Encoding Verification Requirements","version":"4"},"references":["https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html#create_ps","https://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement"],"category":"security","technology":["java"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/java.lang.security.audit.formatted-sql-string.formatted-sql-string","shortlink":"https://sg.run/OPXp"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.lang.security.audit.formatted-sql-string.formatted-sql-string","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson5b.java","start":{"line":69,"col":29,"offset":2605},"end":{"line":69,"col":49,"offset":2625},"extra":{"message":"Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements (java.sql.PreparedStatement) instead. You can obtain a PreparedStatement using 'connection.prepareStatement'.","metadata":{"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"source-rule-url":"https://find-sec-bugs.github.io/bugs.htm#SQL_INJECTION","asvs":{"control_id":"5.3.5 Injection","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v53-output-encoding-and-injection-prevention-requirements","section":"V5: Validation, Sanitization and Encoding Verification Requirements","version":"4"},"references":["https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html#create_ps","https://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement"],"category":"security","technology":["java"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/java.lang.security.audit.formatted-sql-string.formatted-sql-string","shortlink":"https://sg.run/OPXp"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.lang.security.audit.formatted-sql-string.formatted-sql-string","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson8.java","start":{"line":62,"col":29,"offset":2329},"end":{"line":62,"col":58,"offset":2358},"extra":{"message":"Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements (java.sql.PreparedStatement) instead. You can obtain a PreparedStatement using 'connection.prepareStatement'.","metadata":{"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"source-rule-url":"https://find-sec-bugs.github.io/bugs.htm#SQL_INJECTION","asvs":{"control_id":"5.3.5 Injection","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v53-output-encoding-and-injection-prevention-requirements","section":"V5: Validation, Sanitization and Encoding Verification Requirements","version":"4"},"references":["https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html#create_ps","https://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement"],"category":"security","technology":["java"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/java.lang.security.audit.formatted-sql-string.formatted-sql-string","shortlink":"https://sg.run/OPXp"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.lang.security.audit.formatted-sql-string.formatted-sql-string","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson8.java","start":{"line":142,"col":7,"offset":5029},"end":{"line":142,"col":40,"offset":5062},"extra":{"message":"Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements (java.sql.PreparedStatement) instead. You can obtain a PreparedStatement using 'connection.prepareStatement'.","metadata":{"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"source-rule-url":"https://find-sec-bugs.github.io/bugs.htm#SQL_INJECTION","asvs":{"control_id":"5.3.5 Injection","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v53-output-encoding-and-injection-prevention-requirements","section":"V5: Validation, Sanitization and Encoding Verification Requirements","version":"4"},"references":["https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html#create_ps","https://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement"],"category":"security","technology":["java"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/java.lang.security.audit.formatted-sql-string.formatted-sql-string","shortlink":"https://sg.run/OPXp"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.lang.security.audit.formatted-sql-string.formatted-sql-string","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson9.java","start":{"line":65,"col":7,"offset":2602},"end":{"line":65,"col":40,"offset":2635},"extra":{"message":"Detected a formatted string in a SQL statement. This could lead to SQL injection if variables in the SQL statement are not properly sanitized. Use a prepared statements (java.sql.PreparedStatement) instead. You can obtain a PreparedStatement using 'connection.prepareStatement'.","metadata":{"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"source-rule-url":"https://find-sec-bugs.github.io/bugs.htm#SQL_INJECTION","asvs":{"control_id":"5.3.5 Injection","control_url":"https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v53-output-encoding-and-injection-prevention-requirements","section":"V5: Validation, Sanitization and Encoding Verification Requirements","version":"4"},"references":["https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html","https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html#create_ps","https://software-security.sans.org/developer-how-to/fix-sql-injection-in-java-using-prepared-callable-statement"],"category":"security","technology":["java"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/java.lang.security.audit.formatted-sql-string.formatted-sql-string","shortlink":"https://sg.run/OPXp"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.spring.security.injection.tainted-sql-string.tainted-sql-string","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\Servers.java","start":{"line":51,"col":15,"offset":1553},"end":{"line":53,"col":27,"offset":1710},"extra":{"message":"User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements (`connection.PreparedStatement`) or a safe library.","metadata":{"cwe":["CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"],"owasp":["A01:2017 - Injection","A03:2021 - Injection"],"references":["https://docs.oracle.com/javase/7/docs/api/java/sql/PreparedStatement.html"],"category":"security","technology":["spring"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","interfile":true,"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["SQL Injection"],"source":"https://semgrep.dev/r/java.spring.security.injection.tainted-sql-string.tainted-sql-string","shortlink":"https://sg.run/9rzz"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.spring.security.injection.tainted-file-path.tainted-file-path","path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\FileServer.java","start":{"line":79,"col":35,"offset":2892},"end":{"line":79,"col":96,"offset":2953},"extra":{"message":"Detected user input controlling a file path. An attacker could control the location of this file, to include going backwards in the directory with '../'. To address this, ensure that user-controlled variables in file paths are sanitized. You may also consider using a utility method such as org.apache.commons.io.FilenameUtils.getName(...) to only retrieve the file name from the path.","metadata":{"cwe":["CWE-23: Relative Path Traversal"],"owasp":["A01:2021 - Broken Access Control"],"references":["https://owasp.org/www-community/attacks/Path_Traversal"],"category":"security","technology":["java","spring"],"subcategory":["vuln"],"impact":"HIGH","likelihood":"MEDIUM","confidence":"HIGH","interfile":true,"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/java.spring.security.injection.tainted-file-path.tainted-file-path","shortlink":"https://sg.run/x9o0"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"java.spring.security.audit.spring-actuator-non-health-enabled.spring-actuator-dangerous-endpoints-enabled","path":"WebGoat\\src\\main\\resources\\application-webgoat.properties","start":{"line":68,"col":1,"offset":2920},"end":{"line":68,"col":66,"offset":2985},"extra":{"message":"Spring Boot Actuators \"env, health,configprops\" are enabled. Depending on the actuators, this can pose a significant security risk. Please double-check if the actuators are needed and properly secured.","metadata":{"cwe":["CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"],"owasp":["A01:2021 - Broken Access Control"],"references":["https://docs.spring.io/spring-boot/docs/current/reference/html/production-ready-features.html#production-ready-endpoints-exposing-endpoints","https://medium.com/walmartglobaltech/perils-of-spring-boot-actuators-misconfiguration-185c43a0f785","https://blog.maass.xyz/spring-actuator-security-part-1-stealing-secrets-using-spring-actuators"],"category":"security","technology":["spring"],"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"HIGH","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Mishandled Sensitive Information"],"source":"https://semgrep.dev/r/java.spring.security.audit.spring-actuator-non-health-enabled.spring-actuator-dangerous-endpoints-enabled","shortlink":"https://sg.run/5g23"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"html.security.plaintext-http-link.plaintext-http-link","path":"WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\html\\ClientSideFiltering.html","start":{"line":96,"col":51,"offset":5331},"end":{"line":96,"col":95,"offset":5375},"extra":{"message":"This link points to a plaintext HTTP URL. Prefer an encrypted HTTPS URL if possible.","metadata":{"category":"security","technology":["html"],"cwe":["CWE-319: Cleartext Transmission of Sensitive Information"],"owasp":["A03:2017 - Sensitive Data Exposure","A02:2021 - Cryptographic Failures"],"confidence":"HIGH","subcategory":["vuln"],"references":["https://cwe.mitre.org/data/definitions/319.html"],"likelihood":"LOW","impact":"LOW","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Mishandled Sensitive Information"],"source":"https://semgrep.dev/r/html.security.plaintext-http-link.plaintext-http-link","shortlink":"https://sg.run/RA5q"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.express.security.audit.express-path-join-resolve-traversal.express-path-join-resolve-traversal","path":"lesson-01\\demo-01-configuration\\vulnerable-pattern-test.js","start":{"line":82,"col":52,"offset":2893},"end":{"line":82,"col":60,"offset":2901},"extra":{"message":"Possible writing outside of the destination, make sure that the target path is nested in the intended destination","metadata":{"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control"],"cwe":["CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"category":"security","references":["https://owasp.org/www-community/attacks/Path_Traversal"],"technology":["express","node.js"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"HIGH","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Path Traversal"],"source":"https://semgrep.dev/r/javascript.express.security.audit.express-path-join-resolve-traversal.express-path-join-resolve-traversal","shortlink":"https://sg.run/weRn"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"javascript.node-crypto.security.gcm-no-tag-length.gcm-no-tag-length","path":"lesson-02\\demo-01-crypto\\encryption-demo.js","start":{"line":68,"col":20,"offset":2407},"end":{"line":68,"col":67,"offset":2454},"extra":{"message":"The call to 'createDecipheriv' with the Galois Counter Mode (GCM) mode of operation is missing an expected authentication tag length. If the expected authentication tag length is not specified or otherwise checked, the application might be tricked into verifying a shorter-than-expected authentication tag. This can be abused by an attacker to spoof ciphertexts or recover the implicit authentication key of GCM, allowing arbitrary forgeries.","metadata":{"cwe":["CWE-310: CWE CATEGORY: Cryptographic Issues"],"owasp":["A02:2021 - Cryptographic Failures"],"category":"security","subcategory":["vuln"],"technology":["node-crypto"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","references":["https://www.securesystems.de/blog/forging_ciphertexts_under_Galois_Counter_Mode_for_the_Node_js_crypto_module/","https://nodejs.org/api/crypto.html#cryptocreatedecipherivalgorithm-key-iv-options","https://owasp.org/Top10/A02_2021-Cryptographic_Failures/"],"license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/javascript.node-crypto.security.gcm-no-tag-length.gcm-no-tag-length","shortlink":"https://sg.run/NbGG1"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.aws.security.aws-ec2-has-public-ip.aws-ec2-has-public-ip","path":"lesson-05\\demo-01-iac-templates\\vulnerable\\ec2-vulnerable.tf","start":{"line":17,"col":1,"offset":676},"end":{"line":52,"col":2,"offset":1691},"extra":{"message":"EC2 instances should not have a public IP address attached in order to block public access to the instances. To fix this, set your `associate_public_ip_address` to `\"false\"`.","metadata":{"category":"security","technology":["terraform","aws"],"owasp":["A05:2017 - Broken Access Control","A01:2021 - Broken Access Control"],"cwe":["CWE-1220: Insufficient Granularity of Access Control"],"references":["https://owasp.org/Top10/A01_2021-Broken_Access_Control"],"subcategory":["vuln"],"likelihood":"LOW","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Other"],"source":"https://semgrep.dev/r/terraform.aws.security.aws-ec2-has-public-ip.aws-ec2-has-public-ip","shortlink":"https://sg.run/08rv"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.lang.security.ec2-imdsv1-optional.ec2-imdsv1-optional","path":"lesson-05\\demo-01-iac-templates\\vulnerable\\ec2-vulnerable.tf","start":{"line":33,"col":5,"offset":1171},"end":{"line":33,"col":29,"offset":1195},"extra":{"message":"AWS EC2 Instance allowing use of the IMDSv1","metadata":{"cwe":["CWE-918: Server-Side Request Forgery (SSRF)"],"references":["https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#metadata-options"],"category":"security","technology":["terraform","aws"],"owasp":["A10:2021 - Server-Side Request Forgery (SSRF)"],"cwe2022-top25":true,"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"LOW","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Server-Side Request Forgery (SSRF)"],"source":"https://semgrep.dev/r/terraform.lang.security.ec2-imdsv1-optional.ec2-imdsv1-optional","shortlink":"https://sg.run/J3BQ"},"severity":"ERROR","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.aws.security.aws-db-instance-no-logging.aws-db-instance-no-logging","path":"lesson-05\\demo-01-iac-templates\\vulnerable\\ec2-vulnerable.tf","start":{"line":113,"col":1,"offset":3186},"end":{"line":139,"col":2,"offset":3994},"extra":{"message":"Database instance has no logging. Missing logs can cause missing important event information.","metadata":{"owasp":["A03:2017 - Sensitive Data Exposure","A04:2021 - Insecure Design"],"cwe":["CWE-311: Missing Encryption of Sensitive Data"],"technology":["aws","terraform"],"category":"security","references":["https://owasp.org/Top10/A04_2021-Insecure_Design"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"LOW","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/terraform.aws.security.aws-db-instance-no-logging.aws-db-instance-no-logging","shortlink":"https://sg.run/GyAp"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.aws.security.aws-rds-backup-no-retention.aws-rds-backup-no-retention","path":"lesson-05\\demo-01-iac-templates\\vulnerable\\ec2-vulnerable.tf","start":{"line":113,"col":1,"offset":3186},"end":{"line":139,"col":2,"offset":3994},"extra":{"message":"The AWS RDS has no retention. Missing retention can cause losing important event information. To fix this, set a `backup_retention_period`.","metadata":{"owasp":["A03:2017 - Sensitive Data Exposure"],"cwe":["CWE-320: CWE CATEGORY: Key Management Errors"],"technology":["aws","terraform"],"category":"security","references":["https://owasp.org/Top10/A02_2021-Cryptographic_Failures"],"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/terraform.aws.security.aws-rds-backup-no-retention.aws-rds-backup-no-retention","shortlink":"https://sg.run/OyYB"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}},{"check_id":"terraform.lang.security.rds-insecure-password-storage-in-source-code.rds-insecure-password-storage-in-source-code","path":"lesson-05\\demo-01-iac-templates\\vulnerable\\ec2-vulnerable.tf","start":{"line":121,"col":3,"offset":3435},"end":{"line":121,"col":27,"offset":3459},"extra":{"message":"RDS instance or cluster with hardcoded credentials in source code. It is recommended to pass the credentials at runtime, or generate random credentials using the random_password resource.","metadata":{"references":["https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_instance#master_password","https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/rds_cluster#master_password","https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password"],"cwe":["CWE-522: Insufficiently Protected Credentials"],"category":"security","technology":["terraform","aws","secrets"],"owasp":["A02:2017 - Broken Authentication","A04:2021 - Insecure Design"],"cwe2021-top25":true,"subcategory":["vuln"],"likelihood":"MEDIUM","impact":"MEDIUM","confidence":"MEDIUM","license":"Semgrep Rules License v1.0. For more details, visit semgrep.dev/legal/rules-license","vulnerability_class":["Cryptographic Issues"],"source":"https://semgrep.dev/r/terraform.lang.security.rds-insecure-password-storage-in-source-code.rds-insecure-password-storage-in-source-code","shortlink":"https://sg.run/x4qA"},"severity":"WARNING","fingerprint":"requires login","lines":"requires login","validation_state":"NO_VALIDATOR","engine_kind":"OSS"}}],"errors":[{"code":3,"level":"warn","type":"Lexical error","message":"Lexical error at line PyGoat\\introduction\\views.py:978:\n unrecognized symbol in string","path":"PyGoat\\introduction\\views.py"},{"code":2,"level":"warn","type":"Other syntax error","message":"Other syntax error at line lesson-03\\demo-03-sast-dast\\semgrep-rules.yaml:54:\n (approximate error location; error nearby after) error calling parser: mapping values are not allowed in this context character 0 position 0 returned: 0","path":"lesson-03\\demo-03-sast-dast\\semgrep-rules.yaml"},{"code":2,"level":"warn","type":"Timeout","rule_id":"generic.secrets.security.detected-username-and-password-in-uri.detected-username-and-password-in-uri","message":"Timeout when running generic.secrets.security.detected-username-and-password-in-uri.detected-username-and-password-in-uri on NodeGoat\\package-lock.json:\n ","path":"NodeGoat\\package-lock.json"},{"code":2,"level":"warn","type":"Timeout","rule_id":"javascript.angular.security.detect-angular-element-taint.detect-angular-element-taint","message":"Timeout when running javascript.angular.security.detect-angular-element-taint.detect-angular-element-taint on WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\ace.js:\n ","path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\ace.js"},{"code":2,"level":"warn","type":"Timeout","rule_id":"javascript.express.security.audit.express-ssrf.express-ssrf","message":"Timeout when running javascript.express.security.audit.express-ssrf.express-ssrf on WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\ace.js:\n ","path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\ace.js"},{"code":2,"level":"warn","type":"Timeout","rule_id":"javascript.express.security.express-insecure-template-usage.express-insecure-template-usage","message":"Timeout when running javascript.express.security.express-insecure-template-usage.express-insecure-template-usage on WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\ace.js:\n ","path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\ace.js"},{"code":2,"level":"warn","type":"Timeout","rule_id":"javascript.express.security.audit.express-ssrf.express-ssrf","message":"Timeout when running javascript.express.security.audit.express-ssrf.express-ssrf on WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery-ui-1.10.4.js:\n ","path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery-ui-1.10.4.js"},{"code":2,"level":"warn","type":"Timeout","rule_id":"typescript.react.security.audit.react-unsanitized-method.react-unsanitized-method","message":"Timeout when running typescript.react.security.audit.react-unsanitized-method.react-unsanitized-method on WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery-ui-1.10.4.js:\n ","path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery-ui-1.10.4.js"},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"NodeGoat\\app\\views\\dashboard.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":91,"offset":90}},{"path":"NodeGoat\\app\\views\\dashboard.html","start":{"line":118,"col":1,"offset":0},"end":{"line":118,"col":15,"offset":14}}]],"message":"Syntax error at line NodeGoat\\app\\views\\dashboard.html:1:\n `{% extends \"./layout.html\" %} {% block title %}Dashboard{% endblock %} {% block content %}` was unexpected","path":"NodeGoat\\app\\views\\dashboard.html","spans":[{"file":"NodeGoat\\app\\views\\dashboard.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":91,"offset":90}},{"file":"NodeGoat\\app\\views\\dashboard.html","start":{"line":118,"col":1,"offset":0},"end":{"line":118,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"NodeGoat\\app\\views\\profile.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":92,"offset":91}},{"path":"NodeGoat\\app\\views\\profile.html","start":{"line":19,"col":1,"offset":0},"end":{"line":19,"col":21,"offset":20}},{"path":"NodeGoat\\app\\views\\profile.html","start":{"line":29,"col":1,"offset":0},"end":{"line":29,"col":12,"offset":11}},{"path":"NodeGoat\\app\\views\\profile.html","start":{"line":84,"col":1,"offset":0},"end":{"line":84,"col":15,"offset":14}}]],"message":"Syntax error at line NodeGoat\\app\\views\\profile.html:1:\n `{% extends \"./layout.html\" %} {% block title %}My Profile{% endblock %} {% block content %}` was unexpected","path":"NodeGoat\\app\\views\\profile.html","spans":[{"file":"NodeGoat\\app\\views\\profile.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":92,"offset":91}},{"file":"NodeGoat\\app\\views\\profile.html","start":{"line":19,"col":1,"offset":0},"end":{"line":19,"col":21,"offset":20}},{"file":"NodeGoat\\app\\views\\profile.html","start":{"line":29,"col":1,"offset":0},"end":{"line":29,"col":12,"offset":11}},{"file":"NodeGoat\\app\\views\\profile.html","start":{"line":84,"col":1,"offset":0},"end":{"line":84,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"NodeGoat\\app\\views\\tutorial\\a1.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":97,"offset":96}},{"path":"NodeGoat\\app\\views\\tutorial\\a1.html","start":{"line":236,"col":120,"offset":0},"end":{"line":236,"col":241,"offset":121}},{"path":"NodeGoat\\app\\views\\tutorial\\a1.html","start":{"line":260,"col":110,"offset":0},"end":{"line":260,"col":161,"offset":51}},{"path":"NodeGoat\\app\\views\\tutorial\\a1.html","start":{"line":351,"col":135,"offset":0},"end":{"line":351,"col":143,"offset":8}},{"path":"NodeGoat\\app\\views\\tutorial\\a1.html","start":{"line":409,"col":1,"offset":0},"end":{"line":409,"col":15,"offset":14}}]],"message":"Syntax error at line NodeGoat\\app\\views\\tutorial\\a1.html:1:\n `{% extends \"./layout.html\" %} {% block title %}A1 - Injection {% endblock %} {% block content %}` was unexpected","path":"NodeGoat\\app\\views\\tutorial\\a1.html","spans":[{"file":"NodeGoat\\app\\views\\tutorial\\a1.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":97,"offset":96}},{"file":"NodeGoat\\app\\views\\tutorial\\a1.html","start":{"line":236,"col":120,"offset":0},"end":{"line":236,"col":241,"offset":121}},{"file":"NodeGoat\\app\\views\\tutorial\\a1.html","start":{"line":260,"col":110,"offset":0},"end":{"line":260,"col":161,"offset":51}},{"file":"NodeGoat\\app\\views\\tutorial\\a1.html","start":{"line":351,"col":135,"offset":0},"end":{"line":351,"col":143,"offset":8}},{"file":"NodeGoat\\app\\views\\tutorial\\a1.html","start":{"line":409,"col":1,"offset":0},"end":{"line":409,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"NodeGoat\\app\\views\\tutorial\\a2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":130,"offset":129}},{"path":"NodeGoat\\app\\views\\tutorial\\a2.html","start":{"line":310,"col":1,"offset":0},"end":{"line":310,"col":15,"offset":14}}]],"message":"Syntax error at line NodeGoat\\app\\views\\tutorial\\a2.html:1:\n `{% extends \"./layout.html\" %} {% block title %}A2-Broken Authentication and Session Management {% endblock %} {% block content %}` was unexpected","path":"NodeGoat\\app\\views\\tutorial\\a2.html","spans":[{"file":"NodeGoat\\app\\views\\tutorial\\a2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":130,"offset":129}},{"file":"NodeGoat\\app\\views\\tutorial\\a2.html","start":{"line":310,"col":1,"offset":0},"end":{"line":310,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"NodeGoat\\app\\views\\tutorial\\a3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":111,"offset":110}},{"path":"NodeGoat\\app\\views\\tutorial\\a3.html","start":{"line":243,"col":1,"offset":0},"end":{"line":243,"col":15,"offset":14}}]],"message":"Syntax error at line NodeGoat\\app\\views\\tutorial\\a3.html:1:\n `{% extends \"./layout.html\" %} {% block title %}A3-Cross-Site Scripting (XSS){% endblock %} {% block content %}` was unexpected","path":"NodeGoat\\app\\views\\tutorial\\a3.html","spans":[{"file":"NodeGoat\\app\\views\\tutorial\\a3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":111,"offset":110}},{"file":"NodeGoat\\app\\views\\tutorial\\a3.html","start":{"line":243,"col":1,"offset":0},"end":{"line":243,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"NodeGoat\\app\\views\\tutorial\\a5.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":110,"offset":109}},{"path":"NodeGoat\\app\\views\\tutorial\\a5.html","start":{"line":132,"col":1,"offset":0},"end":{"line":132,"col":15,"offset":14}}]],"message":"Syntax error at line NodeGoat\\app\\views\\tutorial\\a5.html:1:\n `{% extends \"./layout.html\" %} {% block title %}A5-Security Misconfiguration{% endblock %} {% block content %}` was unexpected","path":"NodeGoat\\app\\views\\tutorial\\a5.html","spans":[{"file":"NodeGoat\\app\\views\\tutorial\\a5.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":110,"offset":109}},{"file":"NodeGoat\\app\\views\\tutorial\\a5.html","start":{"line":132,"col":1,"offset":0},"end":{"line":132,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"NodeGoat\\app\\views\\tutorial\\a7.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":122,"offset":121}},{"path":"NodeGoat\\app\\views\\tutorial\\a7.html","start":{"line":71,"col":22,"offset":0},"end":{"line":81,"col":3,"offset":256}},{"path":"NodeGoat\\app\\views\\tutorial\\a7.html","start":{"line":93,"col":1,"offset":0},"end":{"line":93,"col":15,"offset":14}}]],"message":"Syntax error at line NodeGoat\\app\\views\\tutorial\\a7.html:1:\n `{% extends \"./layout.html\" %} {% block title %}A7-Missing Function Level Access Control{% endblock %} {% block content %}` was unexpected","path":"NodeGoat\\app\\views\\tutorial\\a7.html","spans":[{"file":"NodeGoat\\app\\views\\tutorial\\a7.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":122,"offset":121}},{"file":"NodeGoat\\app\\views\\tutorial\\a7.html","start":{"line":71,"col":22,"offset":0},"end":{"line":81,"col":3,"offset":256}},{"file":"NodeGoat\\app\\views\\tutorial\\a7.html","start":{"line":93,"col":1,"offset":0},"end":{"line":93,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"NodeGoat\\app\\views\\tutorial\\a8.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":119,"offset":118}},{"path":"NodeGoat\\app\\views\\tutorial\\a8.html","start":{"line":103,"col":1,"offset":0},"end":{"line":103,"col":15,"offset":14}}]],"message":"Syntax error at line NodeGoat\\app\\views\\tutorial\\a8.html:1:\n `{% extends \"./layout.html\" %} {% block title %}A8-Cross-Site Request Forgery (CSRF) {% endblock %} {% block content %}` was unexpected","path":"NodeGoat\\app\\views\\tutorial\\a8.html","spans":[{"file":"NodeGoat\\app\\views\\tutorial\\a8.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":119,"offset":118}},{"file":"NodeGoat\\app\\views\\tutorial\\a8.html","start":{"line":103,"col":1,"offset":0},"end":{"line":103,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"NodeGoat\\app\\views\\tutorial\\a9.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":128,"offset":127}},{"path":"NodeGoat\\app\\views\\tutorial\\a9.html","start":{"line":177,"col":1,"offset":0},"end":{"line":177,"col":15,"offset":14}}]],"message":"Syntax error at line NodeGoat\\app\\views\\tutorial\\a9.html:1:\n `{% extends \"./layout.html\" %} {% block title %}A9-Using Components with Known Vulnerabilities{% endblock %} {% block content %}` was unexpected","path":"NodeGoat\\app\\views\\tutorial\\a9.html","spans":[{"file":"NodeGoat\\app\\views\\tutorial\\a9.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":128,"offset":127}},{"file":"NodeGoat\\app\\views\\tutorial\\a9.html","start":{"line":177,"col":1,"offset":0},"end":{"line":177,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"NodeGoat\\app\\views\\tutorial\\redos.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":111,"offset":110}},{"path":"NodeGoat\\app\\views\\tutorial\\redos.html","start":{"line":64,"col":1,"offset":0},"end":{"line":64,"col":21,"offset":20}}]],"message":"Syntax error at line NodeGoat\\app\\views\\tutorial\\redos.html:1:\n `{% extends \"./layout.html\" %} {% block title %}ReDoS Regular Expressions DoS{% endblock %} {% block content %}` was unexpected","path":"NodeGoat\\app\\views\\tutorial\\redos.html","spans":[{"file":"NodeGoat\\app\\views\\tutorial\\redos.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":111,"offset":110}},{"file":"NodeGoat\\app\\views\\tutorial\\redos.html","start":{"line":64,"col":1,"offset":0},"end":{"line":64,"col":21,"offset":20}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\dashboard.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":46}},{"path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\dashboard.html","start":{"line":5,"col":1,"offset":0},"end":{"line":7,"col":20,"offset":37}},{"path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\dashboard.html","start":{"line":83,"col":1,"offset":0},"end":{"line":83,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\dashboard.html:1:\n `{% extends \"base.html\" %}\r\n\r\n{% block title %}` was unexpected","path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\dashboard.html","spans":[{"file":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\dashboard.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":46}},{"file":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\dashboard.html","start":{"line":5,"col":1,"offset":0},"end":{"line":7,"col":20,"offset":37}},{"file":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\dashboard.html","start":{"line":83,"col":1,"offset":0},"end":{"line":83,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\index.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":46}},{"path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\index.html","start":{"line":5,"col":1,"offset":0},"end":{"line":7,"col":20,"offset":37}},{"path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\index.html","start":{"line":174,"col":1,"offset":0},"end":{"line":174,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\index.html:1:\n `{% extends \"base.html\" %}\r\n\r\n{% block title %}` was unexpected","path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\index.html","spans":[{"file":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\index.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":46}},{"file":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\index.html","start":{"line":5,"col":1,"offset":0},"end":{"line":7,"col":20,"offset":37}},{"file":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\index.html","start":{"line":174,"col":1,"offset":0},"end":{"line":174,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":46}},{"path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":7,"col":20,"offset":37}},{"path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\lab.html","start":{"line":53,"col":1,"offset":0},"end":{"line":53,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\lab.html:1:\n `{% extends \"base.html\" %}\r\n\r\n{% block title %}` was unexpected","path":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\lab.html","spans":[{"file":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":46}},{"file":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":7,"col":20,"offset":37}},{"file":"PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\lab.html","start":{"line":53,"col":1,"offset":0},"end":{"line":53,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\dockerized_labs\\insec_des_lab\\templates\\result.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":46}},{"path":"PyGoat\\dockerized_labs\\insec_des_lab\\templates\\result.html","start":{"line":5,"col":1,"offset":0},"end":{"line":7,"col":20,"offset":37}},{"path":"PyGoat\\dockerized_labs\\insec_des_lab\\templates\\result.html","start":{"line":26,"col":1,"offset":0},"end":{"line":26,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\dockerized_labs\\insec_des_lab\\templates\\result.html:1:\n `{% extends \"base.html\" %}\r\n\r\n{% block title %}` was unexpected","path":"PyGoat\\dockerized_labs\\insec_des_lab\\templates\\result.html","spans":[{"file":"PyGoat\\dockerized_labs\\insec_des_lab\\templates\\result.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":46}},{"file":"PyGoat\\dockerized_labs\\insec_des_lab\\templates\\result.html","start":{"line":5,"col":1,"offset":0},"end":{"line":7,"col":20,"offset":37}},{"file":"PyGoat\\dockerized_labs\\insec_des_lab\\templates\\result.html","start":{"line":26,"col":1,"offset":0},"end":{"line":26,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\index.html","start":{"line":54,"col":111,"offset":0},"end":{"line":54,"col":119,"offset":8}}]],"message":"Syntax error at line PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\index.html:54:\n `& Try it` was unexpected","path":"PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\index.html","spans":[{"file":"PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\index.html","start":{"line":54,"col":111,"offset":0},"end":{"line":54,"col":119,"offset":8}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\lesson.html","start":{"line":108,"col":43,"offset":0},"end":{"line":108,"col":53,"offset":10}}]],"message":"Syntax error at line PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\lesson.html:108:\n `& API keys` was unexpected","path":"PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\lesson.html","spans":[{"file":"PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\lesson.html","start":{"line":108,"col":43,"offset":0},"end":{"line":108,"col":53,"offset":10}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":4,"col":29,"offset":0},"end":{"line":4,"col":41,"offset":12}},{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":7,"col":28,"offset":0},"end":{"line":7,"col":40,"offset":12}},{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":9,"col":40,"offset":0},"end":{"line":9,"col":59,"offset":19}},{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":70,"col":3,"offset":0},"end":{"line":70,"col":17,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\A10\\a10.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":4,"col":29,"offset":0},"end":{"line":4,"col":41,"offset":12}},{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":7,"col":28,"offset":0},"end":{"line":7,"col":40,"offset":12}},{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":9,"col":40,"offset":0},"end":{"line":9,"col":59,"offset":19}},{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","start":{"line":70,"col":3,"offset":0},"end":{"line":70,"col":17,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab.html","start":{"line":5,"col":29,"offset":0},"end":{"line":5,"col":41,"offset":12}},{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab.html","start":{"line":42,"col":1,"offset":0},"end":{"line":44,"col":15,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab.html","start":{"line":5,"col":29,"offset":0},"end":{"line":5,"col":41,"offset":12}},{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab.html","start":{"line":42,"col":1,"offset":0},"end":{"line":44,"col":15,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab2.html","start":{"line":5,"col":29,"offset":0},"end":{"line":5,"col":41,"offset":12}},{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab2.html","start":{"line":78,"col":1,"offset":0},"end":{"line":78,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab2.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab2.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab2.html","start":{"line":5,"col":29,"offset":0},"end":{"line":5,"col":41,"offset":12}},{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab2.html","start":{"line":78,"col":1,"offset":0},"end":{"line":78,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\A11\\a11.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":77,"offset":76}},{"path":"PyGoat\\introduction\\templates\\Lab\\A11\\a11.html","start":{"line":3,"col":1,"offset":0},"end":{"line":3,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\A11\\a11.html:1:\n `{% extends 'introduction/base.html' %} {% block content %} {% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\A11\\a11.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\A11\\a11.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":77,"offset":76}},{"file":"PyGoat\\introduction\\templates\\Lab\\A11\\a11.html","start":{"line":3,"col":1,"offset":0},"end":{"line":3,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\A11\\a11_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab\\A11\\a11_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":9,"col":15,"offset":52}},{"path":"PyGoat\\introduction\\templates\\Lab\\A11\\a11_lab.html","start":{"line":53,"col":1,"offset":0},"end":{"line":53,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\A11\\a11_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\A11\\a11_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\A11\\a11_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab\\A11\\a11_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":9,"col":15,"offset":52}},{"file":"PyGoat\\introduction\\templates\\Lab\\A11\\a11_lab.html","start":{"line":53,"col":1,"offset":0},"end":{"line":53,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9.html","start":{"line":94,"col":1,"offset":0},"end":{"line":94,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\A9\\a9.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\A9\\a9.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\A9\\a9.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\A9\\a9.html","start":{"line":94,"col":1,"offset":0},"end":{"line":94,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab.html","start":{"line":35,"col":1,"offset":0},"end":{"line":37,"col":15,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab.html","start":{"line":35,"col":1,"offset":0},"end":{"line":37,"col":15,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab2.html","start":{"line":11,"col":17,"offset":0},"end":{"line":11,"col":78,"offset":61}},{"path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab2.html","start":{"line":12,"col":15,"offset":0},"end":{"line":12,"col":51,"offset":36}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab2.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab2.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab2.html","start":{"line":11,"col":17,"offset":0},"end":{"line":11,"col":78,"offset":61}},{"file":"PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab2.html","start":{"line":12,"col":15,"offset":0},"end":{"line":12,"col":51,"offset":36}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_home.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_home.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_home.html","start":{"line":50,"col":1,"offset":0},"end":{"line":54,"col":15,"offset":28}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_home.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_home.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_home.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_home.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_home.html","start":{"line":50,"col":1,"offset":0},"end":{"line":54,"col":15,"offset":28}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab.html","start":{"line":20,"col":1,"offset":0},"end":{"line":20,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab.html","start":{"line":20,"col":1,"offset":0},"end":{"line":20,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_login.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_login.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_login.html","start":{"line":23,"col":1,"offset":0},"end":{"line":23,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_login.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_login.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_login.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_login.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_login.html","start":{"line":23,"col":1,"offset":0},"end":{"line":23,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_signup.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_signup.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_signup.html","start":{"line":25,"col":1,"offset":0},"end":{"line":25,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_signup.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_signup.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_signup.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_signup.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_signup.html","start":{"line":25,"col":1,"offset":0},"end":{"line":25,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_success.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_success.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_success.html","start":{"line":24,"col":1,"offset":0},"end":{"line":24,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_success.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_success.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_success.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_success.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_success.html","start":{"line":24,"col":1,"offset":0},"end":{"line":24,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba.html","start":{"line":66,"col":1,"offset":0},"end":{"line":66,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba.html","start":{"line":66,"col":1,"offset":0},"end":{"line":66,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba_lab.html","start":{"line":44,"col":1,"offset":0},"end":{"line":46,"col":15,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba_lab.html","start":{"line":44,"col":1,"offset":0},"end":{"line":46,"col":15,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau.html","start":{"line":104,"col":1,"offset":0},"end":{"line":104,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau.html","start":{"line":104,"col":1,"offset":0},"end":{"line":104,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau_lab.html","start":{"line":34,"col":1,"offset":0},"end":{"line":36,"col":15,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau_lab.html","start":{"line":34,"col":1,"offset":0},"end":{"line":36,"col":15,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":38,"col":69,"offset":0},"end":{"line":38,"col":81,"offset":12}},{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":39,"col":65,"offset":0},"end":{"line":39,"col":71,"offset":6}},{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":63,"col":59,"offset":0},"end":{"line":63,"col":65,"offset":6}},{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":64,"col":43,"offset":0},"end":{"line":64,"col":49,"offset":6}},{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":65,"col":27,"offset":0},"end":{"line":65,"col":29,"offset":2}},{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":134,"col":1,"offset":0},"end":{"line":134,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":38,"col":69,"offset":0},"end":{"line":38,"col":81,"offset":12}},{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":39,"col":65,"offset":0},"end":{"line":39,"col":71,"offset":6}},{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":63,"col":59,"offset":0},"end":{"line":63,"col":65,"offset":6}},{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":64,"col":43,"offset":0},"end":{"line":64,"col":49,"offset":6}},{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":65,"col":27,"offset":0},"end":{"line":65,"col":29,"offset":2}},{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","start":{"line":134,"col":1,"offset":0},"end":{"line":134,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab.html","start":{"line":33,"col":1,"offset":0},"end":{"line":36,"col":15,"offset":24}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab.html","start":{"line":33,"col":1,"offset":0},"end":{"line":36,"col":15,"offset":24}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab2.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab2.html","start":{"line":29,"col":1,"offset":0},"end":{"line":32,"col":15,"offset":24}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab2.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab2.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab2.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab2.html","start":{"line":29,"col":1,"offset":0},"end":{"line":32,"col":15,"offset":24}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp.html","start":{"line":49,"col":1,"offset":0},"end":{"line":49,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp.html","start":{"line":49,"col":1,"offset":0},"end":{"line":49,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp_lab.html","start":{"line":19,"col":1,"offset":0},"end":{"line":21,"col":15,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp_lab.html","start":{"line":19,"col":1,"offset":0},"end":{"line":21,"col":15,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql.html","start":{"line":100,"col":1,"offset":0},"end":{"line":100,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\SQL\\sql.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql.html","start":{"line":100,"col":1,"offset":0},"end":{"line":100,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql_lab.html","start":{"line":46,"col":1,"offset":0},"end":{"line":48,"col":15,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\SQL\\sql_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\SQL\\sql_lab.html","start":{"line":46,"col":1,"offset":0},"end":{"line":48,"col":15,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":1,"col":1,"offset":0},"end":{"line":2,"col":20,"offset":59}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":58,"col":106,"offset":0},"end":{"line":58,"col":108,"offset":2}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":148,"col":29,"offset":0},"end":{"line":148,"col":38,"offset":9}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":148,"col":45,"offset":0},"end":{"line":148,"col":51,"offset":6}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":149,"col":43,"offset":0},"end":{"line":149,"col":82,"offset":39}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":170,"col":25,"offset":0},"end":{"line":170,"col":37,"offset":12}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":172,"col":31,"offset":0},"end":{"line":172,"col":36,"offset":5}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":174,"col":28,"offset":0},"end":{"line":174,"col":35,"offset":7}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":175,"col":29,"offset":0},"end":{"line":175,"col":38,"offset":9}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":176,"col":29,"offset":0},"end":{"line":176,"col":38,"offset":9}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":205,"col":1,"offset":0},"end":{"line":205,"col":23,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":1,"col":1,"offset":0},"end":{"line":2,"col":20,"offset":59}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":58,"col":106,"offset":0},"end":{"line":58,"col":108,"offset":2}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":148,"col":29,"offset":0},"end":{"line":148,"col":38,"offset":9}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":148,"col":45,"offset":0},"end":{"line":148,"col":51,"offset":6}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":149,"col":43,"offset":0},"end":{"line":149,"col":82,"offset":39}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":170,"col":25,"offset":0},"end":{"line":170,"col":37,"offset":12}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":172,"col":31,"offset":0},"end":{"line":172,"col":36,"offset":5}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":174,"col":28,"offset":0},"end":{"line":174,"col":35,"offset":7}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":175,"col":29,"offset":0},"end":{"line":175,"col":38,"offset":9}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":176,"col":29,"offset":0},"end":{"line":176,"col":38,"offset":9}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","start":{"line":205,"col":1,"offset":0},"end":{"line":205,"col":23,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab.html","start":{"line":39,"col":1,"offset":0},"end":{"line":41,"col":23,"offset":30}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab.html","start":{"line":39,"col":1,"offset":0},"end":{"line":41,"col":23,"offset":30}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_2.html","start":{"line":52,"col":1,"offset":0},"end":{"line":52,"col":23,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_2.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_2.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_2.html","start":{"line":52,"col":1,"offset":0},"end":{"line":52,"col":23,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_3.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_3.html","start":{"line":28,"col":1,"offset":0},"end":{"line":28,"col":23,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_3.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_3.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_3.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_3.html","start":{"line":28,"col":1,"offset":0},"end":{"line":28,"col":23,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":57,"col":72,"offset":0},"end":{"line":57,"col":73,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":59,"col":76,"offset":0},"end":{"line":59,"col":77,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":60,"col":88,"offset":0},"end":{"line":60,"col":89,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":61,"col":50,"offset":0},"end":{"line":61,"col":51,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":62,"col":57,"offset":0},"end":{"line":62,"col":58,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":63,"col":57,"offset":0},"end":{"line":63,"col":58,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":63,"col":72,"offset":0},"end":{"line":63,"col":73,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":64,"col":58,"offset":0},"end":{"line":64,"col":59,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":98,"col":1,"offset":0},"end":{"line":98,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":57,"col":72,"offset":0},"end":{"line":57,"col":73,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":59,"col":76,"offset":0},"end":{"line":59,"col":77,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":60,"col":88,"offset":0},"end":{"line":60,"col":89,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":61,"col":50,"offset":0},"end":{"line":61,"col":51,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":62,"col":57,"offset":0},"end":{"line":62,"col":58,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":63,"col":57,"offset":0},"end":{"line":63,"col":58,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":63,"col":72,"offset":0},"end":{"line":63,"col":73,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":64,"col":58,"offset":0},"end":{"line":64,"col":59,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","start":{"line":98,"col":1,"offset":0},"end":{"line":98,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe_lab.html","start":{"line":35,"col":1,"offset":0},"end":{"line":37,"col":15,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\XXE\\xxe_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\XXE\\xxe_lab.html","start":{"line":35,"col":1,"offset":0},"end":{"line":37,"col":15,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des.html","start":{"line":82,"col":1,"offset":0},"end":{"line":82,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des.html","start":{"line":82,"col":1,"offset":0},"end":{"line":82,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des_lab.html","start":{"line":17,"col":1,"offset":0},"end":{"line":19,"col":23,"offset":30}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des_lab.html","start":{"line":17,"col":1,"offset":0},"end":{"line":19,"col":23,"offset":30}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis.html","start":{"line":85,"col":1,"offset":0},"end":{"line":85,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis.html","start":{"line":85,"col":1,"offset":0},"end":{"line":85,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab.html","start":{"line":30,"col":1,"offset":0},"end":{"line":32,"col":23,"offset":30}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab.html","start":{"line":30,"col":1,"offset":0},"end":{"line":32,"col":23,"offset":30}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab3.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab3.html","start":{"line":51,"col":1,"offset":0},"end":{"line":53,"col":23,"offset":30}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab3.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab3.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab3.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab3.html","start":{"line":51,"col":1,"offset":0},"end":{"line":53,"col":23,"offset":30}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":77,"offset":76}},{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf.html","start":{"line":3,"col":1,"offset":0},"end":{"line":3,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf.html:1:\n `{% extends 'introduction/base.html' %} {% block content %} {% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":77,"offset":76}},{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf.html","start":{"line":3,"col":1,"offset":0},"end":{"line":3,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":77,"offset":76}},{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":3,"col":1,"offset":0},"end":{"line":3,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":73,"col":209,"offset":0},"end":{"line":73,"col":210,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":77,"col":209,"offset":0},"end":{"line":77,"col":210,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":81,"col":210,"offset":0},"end":{"line":81,"col":211,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":85,"col":210,"offset":0},"end":{"line":85,"col":211,"offset":1}},{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":157,"col":1,"offset":0},"end":{"line":157,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html:1:\n `{% extends 'introduction/base.html' %} {% block content %} {% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":77,"offset":76}},{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":3,"col":1,"offset":0},"end":{"line":3,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":73,"col":209,"offset":0},"end":{"line":73,"col":210,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":77,"col":209,"offset":0},"end":{"line":77,"col":210,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":81,"col":210,"offset":0},"end":{"line":81,"col":211,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":85,"col":210,"offset":0},"end":{"line":85,"col":211,"offset":1}},{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","start":{"line":157,"col":1,"offset":0},"end":{"line":157,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab2.html","start":{"line":5,"col":1,"offset":0},"end":{"line":52,"col":15,"offset":1638}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab2.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab2.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab2.html","start":{"line":5,"col":1,"offset":0},"end":{"line":52,"col":15,"offset":1638}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access.html","start":{"line":147,"col":1,"offset":0},"end":{"line":147,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access.html","start":{"line":147,"col":1,"offset":0},"end":{"line":147,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_1.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_1.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_1.html","start":{"line":44,"col":1,"offset":0},"end":{"line":46,"col":15,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_1.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_1.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_1.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_1.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_1.html","start":{"line":44,"col":1,"offset":0},"end":{"line":46,"col":15,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_2.html","start":{"line":48,"col":1,"offset":0},"end":{"line":53,"col":15,"offset":137}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_2.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_2.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_2.html","start":{"line":48,"col":1,"offset":0},"end":{"line":53,"col":15,"offset":137}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_3.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_3.html","start":{"line":40,"col":1,"offset":0},"end":{"line":42,"col":15,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_3.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_3.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_3.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_3.html","start":{"line":40,"col":1,"offset":0},"end":{"line":42,"col":15,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":77,"offset":76}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure.html","start":{"line":3,"col":1,"offset":0},"end":{"line":3,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure.html:1:\n `{% extends 'introduction/base.html' %} {% block content %} {% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure.html","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":77,"offset":76}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure.html","start":{"line":3,"col":1,"offset":0},"end":{"line":3,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":9,"col":17,"offset":36}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab.html","start":{"line":6,"col":1,"offset":0},"end":{"line":9,"col":17,"offset":36}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":9,"col":17,"offset":36}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab2.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab2.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":9,"col":17,"offset":36}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":6,"col":1,"offset":0},"end":{"line":9,"col":17,"offset":36}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":10,"col":36,"offset":0},"end":{"line":14,"col":11,"offset":129}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":26,"col":1,"offset":0},"end":{"line":26,"col":17,"offset":16}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":28,"col":1,"offset":0},"end":{"line":28,"col":12,"offset":11}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":31,"col":1,"offset":0},"end":{"line":31,"col":12,"offset":11}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":44,"col":1,"offset":0},"end":{"line":46,"col":15,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":6,"col":1,"offset":0},"end":{"line":9,"col":17,"offset":36}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":10,"col":36,"offset":0},"end":{"line":14,"col":11,"offset":129}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":26,"col":1,"offset":0},"end":{"line":26,"col":17,"offset":16}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":28,"col":1,"offset":0},"end":{"line":28,"col":12,"offset":11}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":31,"col":1,"offset":0},"end":{"line":31,"col":12,"offset":11}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","start":{"line":44,"col":1,"offset":0},"end":{"line":46,"col":15,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\injection.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\injection.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\injection.html","start":{"line":94,"col":1,"offset":0},"end":{"line":94,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\injection.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\injection.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\injection.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\injection.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\injection.html","start":{"line":94,"col":1,"offset":0},"end":{"line":94,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\sql_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\sql_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\sql_lab.html","start":{"line":46,"col":1,"offset":0},"end":{"line":48,"col":15,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\sql_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\sql_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\sql_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\sql_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\sql_lab.html","start":{"line":46,"col":1,"offset":0},"end":{"line":48,"col":15,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti.html","start":{"line":42,"col":1,"offset":0},"end":{"line":42,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti.html","start":{"line":42,"col":1,"offset":0},"end":{"line":42,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti_lab.html","start":{"line":28,"col":1,"offset":0},"end":{"line":28,"col":106,"offset":105}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti_lab.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti_lab.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti_lab.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti_lab.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti_lab.html","start":{"line":28,"col":1,"offset":0},"end":{"line":28,"col":106,"offset":105}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\a7.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\a7.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\a7.html","start":{"line":98,"col":17,"offset":0},"end":{"line":98,"col":32,"offset":15}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\a7.html","start":{"line":139,"col":1,"offset":0},"end":{"line":143,"col":15,"offset":28}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\a7.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\a7.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\a7.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\a7.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\a7.html","start":{"line":98,"col":17,"offset":0},"end":{"line":98,"col":32,"offset":15}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\a7.html","start":{"line":139,"col":1,"offset":0},"end":{"line":143,"col":15,"offset":28}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab2.html","start":{"line":5,"col":1,"offset":0},"end":{"line":82,"col":15,"offset":3902}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab2.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab2.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab2.html","start":{"line":5,"col":1,"offset":0},"end":{"line":82,"col":15,"offset":3902}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab3.html","start":{"line":5,"col":1,"offset":0},"end":{"line":79,"col":15,"offset":3129}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab3.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab3.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab3.html","start":{"line":5,"col":1,"offset":0},"end":{"line":79,"col":15,"offset":3129}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\desc.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\desc.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\desc.html","start":{"line":96,"col":1,"offset":0},"end":{"line":96,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\desc.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\desc.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\desc.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\desc.html","start":{"line":5,"col":1,"offset":0},"end":{"line":5,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\desc.html","start":{"line":96,"col":1,"offset":0},"end":{"line":96,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab2.html","start":{"line":5,"col":1,"offset":0},"end":{"line":10,"col":22,"offset":78}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab2.html","start":{"line":12,"col":1,"offset":0},"end":{"line":12,"col":11,"offset":10}},{"path":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab2.html","start":{"line":22,"col":1,"offset":0},"end":{"line":25,"col":106,"offset":122}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab2.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab2.html","spans":[{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":3,"col":18,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab2.html","start":{"line":5,"col":1,"offset":0},"end":{"line":10,"col":22,"offset":78}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab2.html","start":{"line":12,"col":1,"offset":0},"end":{"line":12,"col":11,"offset":10}},{"file":"PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab2.html","start":{"line":22,"col":1,"offset":0},"end":{"line":25,"col":106,"offset":122}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\introduction\\base.html","start":{"line":2,"col":1,"offset":0},"end":{"line":2,"col":18,"offset":17}},{"path":"PyGoat\\introduction\\templates\\introduction\\base.html","start":{"line":598,"col":45,"offset":0},"end":{"line":598,"col":57,"offset":12}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\introduction\\base.html:2:\n `{% load static %}` was unexpected","path":"PyGoat\\introduction\\templates\\introduction\\base.html","spans":[{"file":"PyGoat\\introduction\\templates\\introduction\\base.html","start":{"line":2,"col":1,"offset":0},"end":{"line":2,"col":18,"offset":17}},{"file":"PyGoat\\introduction\\templates\\introduction\\base.html","start":{"line":598,"col":45,"offset":0},"end":{"line":598,"col":57,"offset":12}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\csrf_dashboard.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\mitre\\csrf_dashboard.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\mitre\\csrf_dashboard.html","start":{"line":31,"col":1,"offset":0},"end":{"line":31,"col":23,"offset":22}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\csrf_dashboard.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\csrf_dashboard.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\csrf_dashboard.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\mitre\\csrf_dashboard.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\mitre\\csrf_dashboard.html","start":{"line":31,"col":1,"offset":0},"end":{"line":31,"col":23,"offset":22}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_17.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_17.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_lab_17.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_17.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_17.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_17.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_25.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_25.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_25.html","start":{"line":47,"col":1,"offset":0},"end":{"line":47,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_lab_25.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_25.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_25.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_25.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_lab_25.html","start":{"line":47,"col":1,"offset":0},"end":{"line":47,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top14.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top14.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top14.html","start":{"line":83,"col":17,"offset":0},"end":{"line":83,"col":32,"offset":15}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top14.html","start":{"line":121,"col":5,"offset":0},"end":{"line":123,"col":15,"offset":24}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_top14.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_top14.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top14.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top14.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top14.html","start":{"line":83,"col":17,"offset":0},"end":{"line":83,"col":32,"offset":15}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top14.html","start":{"line":121,"col":5,"offset":0},"end":{"line":123,"col":15,"offset":24}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top17.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top17.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top17.html","start":{"line":33,"col":1,"offset":0},"end":{"line":33,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_top17.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_top17.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top17.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top17.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top17.html","start":{"line":33,"col":1,"offset":0},"end":{"line":33,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top2.html","start":{"line":41,"col":1,"offset":0},"end":{"line":41,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_top2.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% load static %}\r\n{% block content %}\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_top2.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top2.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":97}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top2.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top2.html","start":{"line":41,"col":1,"offset":0},"end":{"line":41,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top21.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":19,"offset":102}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top21.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top21.html","start":{"line":53,"col":1,"offset":0},"end":{"line":53,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_top21.html:1:\n `{% extends \"introduction/base.html\" %}\r\n {% load static %} \r\n {% block content %} \r\n {% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_top21.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top21.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":19,"offset":102}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top21.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top21.html","start":{"line":53,"col":1,"offset":0},"end":{"line":53,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top25.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":17,"offset":98}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top25.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_top25.html:1:\n `{% extends \"introduction/base.html\" %} \r\n{% load static %} \r\n{% block content %}\r\n{%block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_top25.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top25.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":17,"offset":98}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top25.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":100}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top3.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_top3.html:1:\n `{% extends \"introduction/base.html\" %} \r\n{% load static %} \r\n{% block content %} \r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_top3.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top3.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":100}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top3.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top4.html","start":{"line":1,"col":1,"offset":0},"end":{"line":2,"col":18,"offset":96}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top4.html","start":{"line":4,"col":1,"offset":0},"end":{"line":4,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top4.html","start":{"line":92,"col":1,"offset":0},"end":{"line":92,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_top4.html:1:\n `{% extends \"introduction/base.html\" %} {% load static %} {% block content %} \r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_top4.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top4.html","start":{"line":1,"col":1,"offset":0},"end":{"line":2,"col":18,"offset":96}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top4.html","start":{"line":4,"col":1,"offset":0},"end":{"line":4,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top4.html","start":{"line":92,"col":1,"offset":0},"end":{"line":92,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":100}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":77,"col":61,"offset":0},"end":{"line":77,"col":73,"offset":12}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":78,"col":57,"offset":0},"end":{"line":78,"col":63,"offset":6}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":102,"col":51,"offset":0},"end":{"line":102,"col":57,"offset":6}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":103,"col":35,"offset":0},"end":{"line":103,"col":41,"offset":6}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":104,"col":19,"offset":0},"end":{"line":104,"col":21,"offset":2}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":125,"col":1,"offset":0},"end":{"line":125,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_top6.html:1:\n `{% extends \"introduction/base.html\" %} \r\n{% load static %} \r\n{% block content %} \r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":100}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":77,"col":61,"offset":0},"end":{"line":77,"col":73,"offset":12}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":78,"col":57,"offset":0},"end":{"line":78,"col":63,"offset":6}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":102,"col":51,"offset":0},"end":{"line":102,"col":57,"offset":6}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":103,"col":35,"offset":0},"end":{"line":103,"col":41,"offset":6}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":104,"col":19,"offset":0},"end":{"line":104,"col":21,"offset":2}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","start":{"line":125,"col":1,"offset":0},"end":{"line":125,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top8.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":100}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top8.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top8.html","start":{"line":44,"col":1,"offset":0},"end":{"line":44,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_top8.html:1:\n `{% extends \"introduction/base.html\" %} \r\n{% load static %} \r\n{% block content %} \r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_top8.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top8.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":100}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top8.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top8.html","start":{"line":44,"col":1,"offset":0},"end":{"line":44,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top9.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":17,"offset":99}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top9.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"path":"PyGoat\\introduction\\templates\\mitre\\mitre_top9.html","start":{"line":44,"col":1,"offset":0},"end":{"line":44,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\mitre\\mitre_top9.html:1:\n `{% extends \"introduction/base.html\" %} \r\n{% load static %} \r\n{% block content %} \r\n{%block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\mitre\\mitre_top9.html","spans":[{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top9.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":17,"offset":99}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top9.html","start":{"line":6,"col":1,"offset":0},"end":{"line":6,"col":15,"offset":14}},{"file":"PyGoat\\introduction\\templates\\mitre\\mitre_top9.html","start":{"line":44,"col":1,"offset":0},"end":{"line":44,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\playground\\A7\\index.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":80}},{"path":"PyGoat\\introduction\\templates\\playground\\A7\\index.html","start":{"line":6,"col":1,"offset":0},"end":{"line":7,"col":18,"offset":33}},{"path":"PyGoat\\introduction\\templates\\playground\\A7\\index.html","start":{"line":61,"col":1,"offset":0},"end":{"line":61,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\playground\\A7\\index.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\playground\\A7\\index.html","spans":[{"file":"PyGoat\\introduction\\templates\\playground\\A7\\index.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":80}},{"file":"PyGoat\\introduction\\templates\\playground\\A7\\index.html","start":{"line":6,"col":1,"offset":0},"end":{"line":7,"col":18,"offset":33}},{"file":"PyGoat\\introduction\\templates\\playground\\A7\\index.html","start":{"line":61,"col":1,"offset":0},"end":{"line":61,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":80}},{"path":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":5,"col":29,"offset":0},"end":{"line":5,"col":41,"offset":12}},{"path":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":6,"col":1,"offset":0},"end":{"line":7,"col":18,"offset":33}},{"path":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":16,"col":64,"offset":0},"end":{"line":16,"col":77,"offset":13}},{"path":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":40,"col":31,"offset":0},"end":{"line":52,"col":13,"offset":238}},{"path":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":102,"col":1,"offset":0},"end":{"line":102,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\playground\\A9\\index.html:1:\n `{% extends 'introduction/base.html' %}\r\n{% block content %}\r\n\r\n{% block title %}` was unexpected","path":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","spans":[{"file":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":18,"offset":80}},{"file":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":5,"col":29,"offset":0},"end":{"line":5,"col":41,"offset":12}},{"file":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":6,"col":1,"offset":0},"end":{"line":7,"col":18,"offset":33}},{"file":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":16,"col":64,"offset":0},"end":{"line":16,"col":77,"offset":13}},{"file":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":40,"col":31,"offset":0},"end":{"line":52,"col":13,"offset":238}},{"file":"PyGoat\\introduction\\templates\\playground\\A9\\index.html","start":{"line":102,"col":1,"offset":0},"end":{"line":102,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\registration\\login.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":25,"offset":115}},{"path":"PyGoat\\introduction\\templates\\registration\\login.html","start":{"line":37,"col":1,"offset":0},"end":{"line":37,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\registration\\login.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %}\r\n{% load crispy_forms_tags %}\r\n{% load socialaccount %}` was unexpected","path":"PyGoat\\introduction\\templates\\registration\\login.html","spans":[{"file":"PyGoat\\introduction\\templates\\registration\\login.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":25,"offset":115}},{"file":"PyGoat\\introduction\\templates\\registration\\login.html","start":{"line":37,"col":1,"offset":0},"end":{"line":37,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"PyGoat\\introduction\\templates\\registration\\register.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":29,"offset":92}},{"path":"PyGoat\\introduction\\templates\\registration\\register.html","start":{"line":25,"col":1,"offset":0},"end":{"line":25,"col":15,"offset":14}}]],"message":"Syntax error at line PyGoat\\introduction\\templates\\registration\\register.html:1:\n `{% extends \"introduction/base.html\" %}\r\n{% block content %} \r\n\r\n{% load crispy_forms_tags %}` was unexpected","path":"PyGoat\\introduction\\templates\\registration\\register.html","spans":[{"file":"PyGoat\\introduction\\templates\\registration\\register.html","start":{"line":1,"col":1,"offset":0},"end":{"line":4,"col":29,"offset":92}},{"file":"PyGoat\\introduction\\templates\\registration\\register.html","start":{"line":25,"col":1,"offset":0},"end":{"line":25,"col":15,"offset":14}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"WebGoat\\Dockerfile","start":{"line":8,"col":11,"offset":0},"end":{"line":8,"col":12,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":8,"col":15,"offset":0},"end":{"line":8,"col":16,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":8,"col":19,"offset":0},"end":{"line":8,"col":20,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":8,"col":25,"offset":0},"end":{"line":8,"col":26,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":8,"col":33,"offset":0},"end":{"line":9,"col":4,"offset":9}},{"path":"WebGoat\\Dockerfile","start":{"line":9,"col":9,"offset":0},"end":{"line":9,"col":10,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":9,"col":12,"offset":0},"end":{"line":9,"col":15,"offset":3}},{"path":"WebGoat\\Dockerfile","start":{"line":9,"col":19,"offset":0},"end":{"line":9,"col":20,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":9,"col":28,"offset":0},"end":{"line":10,"col":4,"offset":9}},{"path":"WebGoat\\Dockerfile","start":{"line":10,"col":9,"offset":0},"end":{"line":10,"col":10,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":10,"col":12,"offset":0},"end":{"line":10,"col":14,"offset":2}},{"path":"WebGoat\\Dockerfile","start":{"line":10,"col":16,"offset":0},"end":{"line":10,"col":17,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":10,"col":21,"offset":0},"end":{"line":10,"col":22,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":22,"col":22,"offset":0},"end":{"line":22,"col":23,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":23,"col":33,"offset":0},"end":{"line":23,"col":34,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":24,"col":29,"offset":0},"end":{"line":24,"col":30,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":25,"col":54,"offset":0},"end":{"line":25,"col":55,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":26,"col":54,"offset":0},"end":{"line":26,"col":55,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":27,"col":62,"offset":0},"end":{"line":27,"col":63,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":28,"col":54,"offset":0},"end":{"line":28,"col":55,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":29,"col":58,"offset":0},"end":{"line":29,"col":59,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":30,"col":61,"offset":0},"end":{"line":30,"col":62,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":31,"col":55,"offset":0},"end":{"line":31,"col":56,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":32,"col":52,"offset":0},"end":{"line":32,"col":53,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":33,"col":54,"offset":0},"end":{"line":33,"col":55,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":34,"col":55,"offset":0},"end":{"line":34,"col":56,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":35,"col":52,"offset":0},"end":{"line":35,"col":53,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":36,"col":32,"offset":0},"end":{"line":36,"col":33,"offset":1}},{"path":"WebGoat\\Dockerfile","start":{"line":39,"col":1,"offset":0},"end":{"line":40,"col":74,"offset":115}}]],"message":"Syntax error at line WebGoat\\Dockerfile:8:\n `-` was unexpected","path":"WebGoat\\Dockerfile","spans":[{"file":"WebGoat\\Dockerfile","start":{"line":8,"col":11,"offset":0},"end":{"line":8,"col":12,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":8,"col":15,"offset":0},"end":{"line":8,"col":16,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":8,"col":19,"offset":0},"end":{"line":8,"col":20,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":8,"col":25,"offset":0},"end":{"line":8,"col":26,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":8,"col":33,"offset":0},"end":{"line":9,"col":4,"offset":9}},{"file":"WebGoat\\Dockerfile","start":{"line":9,"col":9,"offset":0},"end":{"line":9,"col":10,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":9,"col":12,"offset":0},"end":{"line":9,"col":15,"offset":3}},{"file":"WebGoat\\Dockerfile","start":{"line":9,"col":19,"offset":0},"end":{"line":9,"col":20,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":9,"col":28,"offset":0},"end":{"line":10,"col":4,"offset":9}},{"file":"WebGoat\\Dockerfile","start":{"line":10,"col":9,"offset":0},"end":{"line":10,"col":10,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":10,"col":12,"offset":0},"end":{"line":10,"col":14,"offset":2}},{"file":"WebGoat\\Dockerfile","start":{"line":10,"col":16,"offset":0},"end":{"line":10,"col":17,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":10,"col":21,"offset":0},"end":{"line":10,"col":22,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":22,"col":22,"offset":0},"end":{"line":22,"col":23,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":23,"col":33,"offset":0},"end":{"line":23,"col":34,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":24,"col":29,"offset":0},"end":{"line":24,"col":30,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":25,"col":54,"offset":0},"end":{"line":25,"col":55,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":26,"col":54,"offset":0},"end":{"line":26,"col":55,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":27,"col":62,"offset":0},"end":{"line":27,"col":63,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":28,"col":54,"offset":0},"end":{"line":28,"col":55,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":29,"col":58,"offset":0},"end":{"line":29,"col":59,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":30,"col":61,"offset":0},"end":{"line":30,"col":62,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":31,"col":55,"offset":0},"end":{"line":31,"col":56,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":32,"col":52,"offset":0},"end":{"line":32,"col":53,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":33,"col":54,"offset":0},"end":{"line":33,"col":55,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":34,"col":55,"offset":0},"end":{"line":34,"col":56,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":35,"col":52,"offset":0},"end":{"line":35,"col":53,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":36,"col":32,"offset":0},"end":{"line":36,"col":33,"offset":1}},{"file":"WebGoat\\Dockerfile","start":{"line":39,"col":1,"offset":0},"end":{"line":40,"col":74,"offset":115}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"WebGoat\\mvnw","start":{"line":220,"col":7,"offset":0},"end":{"line":221,"col":11,"offset":65}}]],"message":"Syntax error at line WebGoat\\mvnw:220:\n `case \"$key\" in (wrapperUrl) jarUrl=\"$value\"; break ;;\r\n      esac` was unexpected","path":"WebGoat\\mvnw","spans":[{"file":"WebGoat\\mvnw","start":{"line":220,"col":7,"offset":0},"end":{"line":221,"col":11,"offset":65}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","start":{"line":2,"col":5,"offset":0},"end":{"line":2,"col":53,"offset":48}},{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","start":{"line":3,"col":36,"offset":0},"end":{"line":3,"col":39,"offset":3}},{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","start":{"line":3,"col":70,"offset":0},"end":{"line":3,"col":104,"offset":34}},{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","start":{"line":3,"col":119,"offset":0},"end":{"line":3,"col":144,"offset":25}},{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","start":{"line":4,"col":5,"offset":0},"end":{"line":4,"col":13,"offset":8}}]],"message":"Syntax error at line WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html:2:\n `<% _.each(assignments, function(assignment) { %>` was unexpected","path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","spans":[{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","start":{"line":2,"col":5,"offset":0},"end":{"line":2,"col":53,"offset":48}},{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","start":{"line":3,"col":36,"offset":0},"end":{"line":3,"col":39,"offset":3}},{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","start":{"line":3,"col":70,"offset":0},"end":{"line":3,"col":104,"offset":34}},{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","start":{"line":3,"col":119,"offset":0},"end":{"line":3,"col":144,"offset":25}},{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","start":{"line":4,"col":5,"offset":0},"end":{"line":4,"col":13,"offset":8}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":4,"col":9,"offset":0},"end":{"line":5,"col":60,"offset":98}},{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":7,"col":13,"offset":0},"end":{"line":7,"col":55,"offset":42}},{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":8,"col":95,"offset":0},"end":{"line":8,"col":107,"offset":12}},{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":9,"col":13,"offset":0},"end":{"line":9,"col":27,"offset":14}},{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":10,"col":73,"offset":0},"end":{"line":10,"col":85,"offset":12}},{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":11,"col":13,"offset":0},"end":{"line":11,"col":20,"offset":7}},{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":13,"col":9,"offset":0},"end":{"line":13,"col":18,"offset":9}}]],"message":"Syntax error at line WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html:4:\n `<% var baseUrl = overview.baseUrl; %>\r\n        <% _.each(overview.pages, function(page,index) { %>` was unexpected","path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","spans":[{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":4,"col":9,"offset":0},"end":{"line":5,"col":60,"offset":98}},{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":7,"col":13,"offset":0},"end":{"line":7,"col":55,"offset":42}},{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":8,"col":95,"offset":0},"end":{"line":8,"col":107,"offset":12}},{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":9,"col":13,"offset":0},"end":{"line":9,"col":27,"offset":14}},{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":10,"col":73,"offset":0},"end":{"line":10,"col":85,"offset":12}},{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":11,"col":13,"offset":0},"end":{"line":11,"col":20,"offset":7}},{"file":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","start":{"line":13,"col":9,"offset":0},"end":{"line":13,"col":18,"offset":9}}]},{"code":3,"level":"warn","type":["PartialParsing",[{"path":"lesson-01\\demo-03-xss\\vulnerable-react-app\\UserProfile.jsx","start":{"line":321,"col":37,"offset":0},"end":{"line":322,"col":5,"offset":31}}]],"message":"Syntax error at line lesson-01\\demo-03-xss\\vulnerable-react-app\\UserProfile.jsx:321:\n `(/* */oNcLiCk=alert() )//\r\n */\r` was unexpected","path":"lesson-01\\demo-03-xss\\vulnerable-react-app\\UserProfile.jsx","spans":[{"file":"lesson-01\\demo-03-xss\\vulnerable-react-app\\UserProfile.jsx","start":{"line":321,"col":37,"offset":0},"end":{"line":322,"col":5,"offset":31}}]}],"paths":{"scanned":[".github\\create-security-issues.sh",".github\\dependabot.yml",".github\\labels.yml",".github\\REPOSITORY_SETTINGS.md",".github\\topics.json",".github\\workflows\\codeql.yml",".github\\workflows\\dependency-review.yml",".github\\workflows\\security-pipeline.yml",".gitignore","COPILOT_SECURITY_PROMPTS.md","github-security-testbed.code-workspace","lesson-01\\demo-01-configuration\\README.md","lesson-01\\demo-01-configuration\\vulnerable-pattern-test.js","lesson-01\\demo-02-sql-injection\\secure\\api.js","lesson-01\\demo-02-sql-injection\\vulnerable\\api.js","lesson-01\\demo-03-xss\\secure-react-app\\package.json","lesson-01\\demo-03-xss\\secure-react-app\\server.js","lesson-01\\demo-03-xss\\secure-react-app\\UserProfile.jsx","lesson-01\\demo-03-xss\\vulnerable-react-app\\App.jsx","lesson-01\\demo-03-xss\\vulnerable-react-app\\package.json","lesson-01\\demo-03-xss\\vulnerable-react-app\\UserProfile.jsx","lesson-01\\demo-04-custom-scanners\\idor-app\\api\\documents.js","lesson-01\\demo-04-custom-scanners\\idor-app\\db.js","lesson-01\\demo-04-custom-scanners\\idor-app\\package.json","lesson-01\\demo-04-custom-scanners\\idor-app\\server.js","lesson-01\\demo-04-custom-scanners\\reports\\generate-report.js","lesson-01\\demo-04-custom-scanners\\scanner\\idor-scanner.js","lesson-01\\demo-04-custom-scanners\\scanner\\package.json","lesson-01\\demo-04-custom-scanners\\scanner\\race-condition-scanner.js","lesson-01\\findings.json","lesson-01\\lesson-01-demo-runbook-final.md","lesson-01\\prompts\\custom-scanner.md","lesson-01\\prompts\\sql-detection.md","lesson-01\\prompts\\xss-scanning.md","lesson-01\\README.md","lesson-02\\demo-01-crypto\\encryption-demo.js","lesson-02\\demo-02-oauth\\jwt-generator.js","lesson-02\\demo-02-oauth\\oauth-server.js","lesson-02\\demo-03-key-management\\azure-keyvault.js","lesson-02\\demo-03-key-management\\hashicorp-vault.js","lesson-02\\demo-04-zero-trust\\istio\\service-mesh.yaml","lesson-02\\demo-04-zero-trust\\terraform\\main.tf","lesson-02\\lesson-02-demo-runbook-final.md","lesson-02\\prompts\\crypto-implementation.md","lesson-02\\prompts\\oauth-jwt.md","lesson-02\\prompts\\zero-trust.md","lesson-02\\README.md","lesson-03\\demo-01-oauth-tests\\oauth-security-tests.js","lesson-03\\demo-02-fuzzing\\corpus\\sample-inputs.txt","lesson-03\\demo-02-fuzzing\\fuzzer.js","lesson-03\\demo-03-sast-dast\\codeql\\queries\\sql-injection.ql","lesson-03\\demo-03-sast-dast\\dast-scanner.js","lesson-03\\demo-03-sast-dast\\semgrep-rules.yaml","lesson-03\\demo-04-cicd-pipeline\\.github\\workflows\\security-pipeline.yml","lesson-03\\lesson-03-demo-runbook-final.md","lesson-03\\README.md","lesson-04\\demos\\auth-api\\middleware\\security.js","lesson-04\\demos\\auth-api\\server.js","lesson-04\\lesson-04-demo-runbook-final.md","lesson-04\\linters\\security-linter.js","lesson-04\\README.md","lesson-04\\scripts\\compliance-report.js","lesson-04\\scripts\\dependency-analyzer.js","lesson-05\\demo-01-iac-templates\\hardened\\ec2-hardened.tf","lesson-05\\demo-01-iac-templates\\vulnerable\\ec2-vulnerable.tf","lesson-05\\demo-02-compliance-scripts\\cis-benchmark-checker.js","lesson-05\\demo-03-stig-remediation\\stig-remediation.sh","lesson-05\\demo-04-ir-playbooks\\incident-response.js","lesson-05\\lesson-05-demo-runbook-final.md","lesson-05\\README.md","LICENSE","NodeGoat\\.dockerignore","NodeGoat\\.github\\workflows\\e2e-test.yml","NodeGoat\\.github\\workflows\\lint.yml","NodeGoat\\.gitignore","NodeGoat\\.jshintignore","NodeGoat\\.jshintrc","NodeGoat\\.travis.yml","NodeGoat\\app\\assets\\favicon.ico","NodeGoat\\app\\assets\\images\\nodegoat_logo.png","NodeGoat\\app\\assets\\images\\owasplogo.png","NodeGoat\\app\\assets\\js\\chart\\chart-data-morris.js","NodeGoat\\app\\assets\\js\\tour\\redirects-steps.js","NodeGoat\\app\\data\\allocations-dao.js","NodeGoat\\app\\data\\benefits-dao.js","NodeGoat\\app\\data\\contributions-dao.js","NodeGoat\\app\\data\\memos-dao.js","NodeGoat\\app\\data\\profile-dao.js","NodeGoat\\app\\data\\research-dao.js","NodeGoat\\app\\data\\user-dao.js","NodeGoat\\app\\routes\\allocations.js","NodeGoat\\app\\routes\\benefits.js","NodeGoat\\app\\routes\\contributions.js","NodeGoat\\app\\routes\\error.js","NodeGoat\\app\\routes\\index.js","NodeGoat\\app\\routes\\memos.js","NodeGoat\\app\\routes\\profile.js","NodeGoat\\app\\routes\\research.js","NodeGoat\\app\\routes\\session.js","NodeGoat\\app\\routes\\tutorial.js","NodeGoat\\app\\views\\allocations.html","NodeGoat\\app\\views\\benefits.html","NodeGoat\\app\\views\\contributions.html","NodeGoat\\app\\views\\dashboard.html","NodeGoat\\app\\views\\error-template.html","NodeGoat\\app\\views\\layout.html","NodeGoat\\app\\views\\login.html","NodeGoat\\app\\views\\memos.html","NodeGoat\\app\\views\\profile.html","NodeGoat\\app\\views\\research.html","NodeGoat\\app\\views\\signup.html","NodeGoat\\app\\views\\tutorial\\a1.html","NodeGoat\\app\\views\\tutorial\\a10.html","NodeGoat\\app\\views\\tutorial\\a2.html","NodeGoat\\app\\views\\tutorial\\a3.html","NodeGoat\\app\\views\\tutorial\\a4.html","NodeGoat\\app\\views\\tutorial\\a5.html","NodeGoat\\app\\views\\tutorial\\a6.html","NodeGoat\\app\\views\\tutorial\\a7.html","NodeGoat\\app\\views\\tutorial\\a8.html","NodeGoat\\app\\views\\tutorial\\a9.html","NodeGoat\\app\\views\\tutorial\\layout.html","NodeGoat\\app\\views\\tutorial\\redos.html","NodeGoat\\app\\views\\tutorial\\ssrf.html","NodeGoat\\app.json","NodeGoat\\artifacts\\cert\\server.crt","NodeGoat\\artifacts\\cert\\server.key","NodeGoat\\artifacts\\db-reset.js","NodeGoat\\CODE_OF_CONDUCT.md","NodeGoat\\config\\config.js","NodeGoat\\CONTRIBUTING.md","NodeGoat\\cypress.json","NodeGoat\\docker-compose.yml","NodeGoat\\Dockerfile","NodeGoat\\Gruntfile.js","NodeGoat\\LICENSE","NodeGoat\\nodemon.json","NodeGoat\\package-lock.json","NodeGoat\\package.json","NodeGoat\\Procfile","NodeGoat\\README.md","NodeGoat\\server.js","PyGoat\\.all-contributorsrc","PyGoat\\.github\\workflows\\flake8.yml","PyGoat\\.github\\workflows\\hadolint.yml","PyGoat\\.gitignore","PyGoat\\challenge\\__init__.py","PyGoat\\challenge\\admin.py","PyGoat\\challenge\\apps.py","PyGoat\\challenge\\challenge.json","PyGoat\\challenge\\management\\commands\\populate_challenge.py","PyGoat\\challenge\\management\\commands\\populate_challenges.py","PyGoat\\challenge\\migrations\\0001_initial.py","PyGoat\\challenge\\migrations\\0002_challenge_docker_port.py","PyGoat\\challenge\\migrations\\0003_alter_challenge_docker_image_alter_challenge_id_and_more.py","PyGoat\\challenge\\migrations\\__init__.py","PyGoat\\challenge\\models.py","PyGoat\\challenge\\README.md","PyGoat\\challenge\\templates\\chal-not-found.html","PyGoat\\challenge\\templates\\challenge.html","PyGoat\\challenge\\tests.py","PyGoat\\challenge\\urls.py","PyGoat\\challenge\\utility.py","PyGoat\\challenge\\views.py","PyGoat\\CHANGELOG.md","PyGoat\\chatbot\\pygoatbot.ipynb","PyGoat\\chatbot\\README.md","PyGoat\\docker-compose.yml","PyGoat\\Dockerfile","PyGoat\\dockerized_labs\\broken_auth_lab\\app.py","PyGoat\\dockerized_labs\\broken_auth_lab\\docker-compose.yml","PyGoat\\dockerized_labs\\broken_auth_lab\\Dockerfile","PyGoat\\dockerized_labs\\broken_auth_lab\\README.md","PyGoat\\dockerized_labs\\broken_auth_lab\\requirements.txt","PyGoat\\dockerized_labs\\broken_auth_lab\\static\\style.css","PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\base.html","PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\dashboard.html","PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\index.html","PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\lab.html","PyGoat\\dockerized_labs\\broken_auth_lab\\templates\\reset.html","PyGoat\\dockerized_labs\\insec_des_lab\\.dockerignore","PyGoat\\dockerized_labs\\insec_des_lab\\docker-compose.yml","PyGoat\\dockerized_labs\\insec_des_lab\\Dockerfile","PyGoat\\dockerized_labs\\insec_des_lab\\main.py","PyGoat\\dockerized_labs\\insec_des_lab\\README.md","PyGoat\\dockerized_labs\\insec_des_lab\\requirements.txt","PyGoat\\dockerized_labs\\insec_des_lab\\static\\style.css","PyGoat\\dockerized_labs\\insec_des_lab\\templates\\base.html","PyGoat\\dockerized_labs\\insec_des_lab\\templates\\index.html","PyGoat\\dockerized_labs\\insec_des_lab\\templates\\result.html","PyGoat\\dockerized_labs\\sensitive_data_exposure\\dataexposure\\__init__.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\dataexposure\\forms.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\dataexposure\\migrations\\0001_initial.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\dataexposure\\migrations\\__init__.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\dataexposure\\models.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\dataexposure\\urls.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\dataexposure\\views.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\docker-compose.yml","PyGoat\\dockerized_labs\\sensitive_data_exposure\\Dockerfile","PyGoat\\dockerized_labs\\sensitive_data_exposure\\entrypoint.sh","PyGoat\\dockerized_labs\\sensitive_data_exposure\\manage.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\README.md","PyGoat\\dockerized_labs\\sensitive_data_exposure\\requirements.txt","PyGoat\\dockerized_labs\\sensitive_data_exposure\\sensitive_data_lab\\__init__.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\sensitive_data_lab\\settings.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\sensitive_data_lab\\urls.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\sensitive_data_lab\\wsgi.py","PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\about.html","PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\base.html","PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\index.html","PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\lesson.html","PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\login.html","PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\profile.html","PyGoat\\dockerized_labs\\sensitive_data_exposure\\templates\\register.html","PyGoat\\docs\\dev_guide.md","PyGoat\\gh-md-toc","PyGoat\\installer.sh","PyGoat\\introduction\\__init__.py","PyGoat\\introduction\\admin.py","PyGoat\\introduction\\apis.py","PyGoat\\introduction\\apps.py","PyGoat\\introduction\\forms.py","PyGoat\\introduction\\lab_code\\test.py","PyGoat\\introduction\\migrations\\0001_initial.py","PyGoat\\introduction\\migrations\\0002_auto_20210414_1510.py","PyGoat\\introduction\\migrations\\0003_password_user.py","PyGoat\\introduction\\migrations\\0004_auto_20210415_1722.py","PyGoat\\introduction\\migrations\\0005_auto_20210415_1748.py","PyGoat\\introduction\\migrations\\0006_comments.py","PyGoat\\introduction\\migrations\\0007_auto_20210418_0022.py","PyGoat\\introduction\\migrations\\0008_otp.py","PyGoat\\introduction\\migrations\\0009_auto_20210517_2047.py","PyGoat\\introduction\\migrations\\0010_authlogin.py","PyGoat\\introduction\\migrations\\0011_tickits.py","PyGoat\\introduction\\migrations\\0012_alter_tickits_user.py","PyGoat\\introduction\\migrations\\0013_alter_comments_id_alter_faang_id_alter_info_id_and_more.py","PyGoat\\introduction\\migrations\\0014_sql_lab_table.py","PyGoat\\introduction\\migrations\\0015_blogs.py","PyGoat\\introduction\\migrations\\0016_alter_blogs_blog_id.py","PyGoat\\introduction\\migrations\\0017_cf_user.py","PyGoat\\introduction\\migrations\\0018_cf_user_password2.py","PyGoat\\introduction\\migrations\\0019_af_admin.py","PyGoat\\introduction\\migrations\\0020_af_session_id_alter_af_admin_lockout_cooldown.py","PyGoat\\introduction\\migrations\\0021_csrf_user_tbl.py","PyGoat\\introduction\\migrations\\__init__.py","PyGoat\\introduction\\mitre.py","PyGoat\\introduction\\models.py","PyGoat\\introduction\\playground\\__init__.py","PyGoat\\introduction\\playground\\A6\\soln.py","PyGoat\\introduction\\playground\\A6\\utility.py","PyGoat\\introduction\\playground\\A9\\api.py","PyGoat\\introduction\\playground\\A9\\archive.py","PyGoat\\introduction\\playground\\A9\\main.py","PyGoat\\introduction\\playground\\readme.md","PyGoat\\introduction\\playground\\ssrf\\__init__.py","PyGoat\\introduction\\playground\\ssrf\\main.py","PyGoat\\introduction\\playground\\ssrf\\secret.txt","PyGoat\\introduction\\playground\\ssrf\\templates\\Lab\\ssrf\\blogs\\blog1.txt","PyGoat\\introduction\\playground\\ssrf\\templates\\Lab\\ssrf\\blogs\\blog2.txt","PyGoat\\introduction\\playground\\ssrf\\templates\\Lab\\ssrf\\blogs\\blog3.txt","PyGoat\\introduction\\playground\\ssrf\\templates\\Lab\\ssrf\\blogs\\blog4.txt","PyGoat\\introduction\\playground\\ssrf\\test.py","PyGoat\\introduction\\static\\css\\common.css","PyGoat\\introduction\\static\\css\\dark-challenges.css","PyGoat\\introduction\\static\\css\\dark-theme.css","PyGoat\\introduction\\static\\css\\home.css","PyGoat\\introduction\\static\\css\\light.css","PyGoat\\introduction\\static\\css\\playground.css","PyGoat\\introduction\\static\\css\\style.css","PyGoat\\introduction\\static\\fake.txt","PyGoat\\introduction\\static\\google.jpg","PyGoat\\introduction\\static\\js\\a6.js","PyGoat\\introduction\\static\\js\\a7.js","PyGoat\\introduction\\static\\js\\a9.js","PyGoat\\introduction\\static\\Lab\\icons\\pygoat-mini.png","PyGoat\\introduction\\static\\Lab\\icons\\pygoat-mini.svg","PyGoat\\introduction\\static\\Lab\\icons\\pygoat-small.png","PyGoat\\introduction\\static\\Lab\\icons\\pygoat-small.svg","PyGoat\\introduction\\static\\Lab\\icons\\pygoat.png","PyGoat\\introduction\\static\\Lab\\icons\\pygoat.svg","PyGoat\\introduction\\static\\Lab\\image\\xxe.jpg","PyGoat\\introduction\\static\\Lab\\ssrf.css","PyGoat\\introduction\\static\\Lab\\ssrf.js","PyGoat\\introduction\\static\\Lab\\ssti.css","PyGoat\\introduction\\static\\Lab\\xss.js","PyGoat\\introduction\\static\\real.txt","PyGoat\\introduction\\templates\\introduction\\base.html","PyGoat\\introduction\\templates\\introduction\\home.html","PyGoat\\introduction\\templates\\Lab\\A10\\a10.html","PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab.html","PyGoat\\introduction\\templates\\Lab\\A10\\a10_lab2.html","PyGoat\\introduction\\templates\\Lab\\A11\\a11.html","PyGoat\\introduction\\templates\\Lab\\A11\\a11_lab.html","PyGoat\\introduction\\templates\\Lab\\A9\\a9.html","PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab.html","PyGoat\\introduction\\templates\\Lab\\A9\\a9_lab2.html","PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_home.html","PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab.html","PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_login.html","PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_lab_signup.html","PyGoat\\introduction\\templates\\Lab\\AUTH\\auth_success.html","PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba.html","PyGoat\\introduction\\templates\\Lab\\BrokenAccess\\ba_lab.html","PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau.html","PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\bau_lab.html","PyGoat\\introduction\\templates\\Lab\\BrokenAuth\\otp.html","PyGoat\\introduction\\templates\\Lab\\CMD\\cmd.html","PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab.html","PyGoat\\introduction\\templates\\Lab\\CMD\\cmd_lab2.html","PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp.html","PyGoat\\introduction\\templates\\Lab\\DataExp\\data_exp_lab.html","PyGoat\\introduction\\templates\\Lab\\DataExp\\robots.txt","PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des.html","PyGoat\\introduction\\templates\\Lab\\insec_des\\insec_des_lab.html","PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis.html","PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab.html","PyGoat\\introduction\\templates\\Lab\\sec_mis\\sec_mis_lab3.html","PyGoat\\introduction\\templates\\Lab\\SQL\\sql.html","PyGoat\\introduction\\templates\\Lab\\SQL\\sql_lab.html","PyGoat\\introduction\\templates\\Lab\\ssrf\\blogs\\blog1.txt","PyGoat\\introduction\\templates\\Lab\\ssrf\\blogs\\blog2.txt","PyGoat\\introduction\\templates\\Lab\\ssrf\\blogs\\blog3.txt","PyGoat\\introduction\\templates\\Lab\\ssrf\\blogs\\blog4.txt","PyGoat\\introduction\\templates\\Lab\\ssrf\\secret.txt","PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf.html","PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_discussion.html","PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab.html","PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_lab2.html","PyGoat\\introduction\\templates\\Lab\\ssrf\\ssrf_target.html","PyGoat\\introduction\\templates\\Lab\\XSS\\xss.html","PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab.html","PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_2.html","PyGoat\\introduction\\templates\\Lab\\XSS\\xss_lab_3.html","PyGoat\\introduction\\templates\\Lab\\XXE\\xxe.html","PyGoat\\introduction\\templates\\Lab\\XXE\\xxe_lab.html","PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access.html","PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_1.html","PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_2.html","PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\broken_access_lab_3.html","PyGoat\\introduction\\templates\\Lab_2021\\A1_BrokenAccessControl\\secret.html","PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure.html","PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab.html","PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab2.html","PyGoat\\introduction\\templates\\Lab_2021\\A2_Crypto_failur\\crypto_failure_lab3.html","PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\Blogs\\0db9c0e7093d.html","PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\Blogs\\9d73d120683d.html","PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\Blogs\\a2538af1b5e4.html","PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\injection.html","PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\sql_lab.html","PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti.html","PyGoat\\introduction\\templates\\Lab_2021\\A3_Injection\\ssti_lab.html","PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\a7.html","PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab2.html","PyGoat\\introduction\\templates\\Lab_2021\\A7_auth_failure\\lab3.html","PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\desc.html","PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab2.html","PyGoat\\introduction\\templates\\Lab_2021\\A8_software_and_data_integrity_failure\\lab3.html","PyGoat\\introduction\\templates\\mitre\\csrf_dashboard.html","PyGoat\\introduction\\templates\\mitre\\csrf_lab_login.html","PyGoat\\introduction\\templates\\mitre\\mitre_lab_17.html","PyGoat\\introduction\\templates\\mitre\\mitre_lab_25.html","PyGoat\\introduction\\templates\\mitre\\mitre_top1.html","PyGoat\\introduction\\templates\\mitre\\mitre_top10.html","PyGoat\\introduction\\templates\\mitre\\mitre_top11.html","PyGoat\\introduction\\templates\\mitre\\mitre_top12.html","PyGoat\\introduction\\templates\\mitre\\mitre_top13.html","PyGoat\\introduction\\templates\\mitre\\mitre_top14.html","PyGoat\\introduction\\templates\\mitre\\mitre_top15.html","PyGoat\\introduction\\templates\\mitre\\mitre_top16.html","PyGoat\\introduction\\templates\\mitre\\mitre_top17.html","PyGoat\\introduction\\templates\\mitre\\mitre_top18.html","PyGoat\\introduction\\templates\\mitre\\mitre_top19.html","PyGoat\\introduction\\templates\\mitre\\mitre_top2.html","PyGoat\\introduction\\templates\\mitre\\mitre_top20.html","PyGoat\\introduction\\templates\\mitre\\mitre_top21.html","PyGoat\\introduction\\templates\\mitre\\mitre_top22.html","PyGoat\\introduction\\templates\\mitre\\mitre_top23.html","PyGoat\\introduction\\templates\\mitre\\mitre_top24.html","PyGoat\\introduction\\templates\\mitre\\mitre_top25.html","PyGoat\\introduction\\templates\\mitre\\mitre_top3.html","PyGoat\\introduction\\templates\\mitre\\mitre_top4.html","PyGoat\\introduction\\templates\\mitre\\mitre_top5.html","PyGoat\\introduction\\templates\\mitre\\mitre_top6.html","PyGoat\\introduction\\templates\\mitre\\mitre_top7.html","PyGoat\\introduction\\templates\\mitre\\mitre_top8.html","PyGoat\\introduction\\templates\\mitre\\mitre_top9.html","PyGoat\\introduction\\templates\\playground\\A6\\index.html","PyGoat\\introduction\\templates\\playground\\A7\\index.html","PyGoat\\introduction\\templates\\playground\\A9\\index.html","PyGoat\\introduction\\templates\\registration\\login.html","PyGoat\\introduction\\templates\\registration\\logout.html","PyGoat\\introduction\\templates\\registration\\register.html","PyGoat\\introduction\\tests.py","PyGoat\\introduction\\urls.py","PyGoat\\introduction\\utility.py","PyGoat\\introduction\\views.py","PyGoat\\introduction\\xee_see.txt","PyGoat\\LICENSE.md","PyGoat\\manage.py","PyGoat\\Procfile","PyGoat\\pygoat\\__init__.py","PyGoat\\pygoat\\asgi.py","PyGoat\\pygoat\\settings.py","PyGoat\\pygoat\\urls.py","PyGoat\\pygoat\\wsgi.py","PyGoat\\PyGoatBot.py","PyGoat\\README.md","PyGoat\\requirements.txt","PyGoat\\setup.py","PyGoat\\Solutions\\img\\img4.png","PyGoat\\Solutions\\img\\pic1.png","PyGoat\\Solutions\\img\\pic2.png","PyGoat\\Solutions\\img\\pic3.png","PyGoat\\Solutions\\solution.md","PyGoat\\uninstaller.py","PyGoat\\uninstaller.sh","README.md","SECURITY.md","TerraGoat\\.github\\template.md","TerraGoat\\.github\\workflows\\checkov.yaml","TerraGoat\\.github\\workflows\\pull_request.yaml","TerraGoat\\.gitignore","TerraGoat\\LICENSE","TerraGoat\\README.md","TerraGoat\\terraform\\aws\\consts.tf","TerraGoat\\terraform\\aws\\db-app.tf","TerraGoat\\terraform\\aws\\ec2.tf","TerraGoat\\terraform\\aws\\ecr.tf","TerraGoat\\terraform\\aws\\eks.tf","TerraGoat\\terraform\\aws\\elb.tf","TerraGoat\\terraform\\aws\\es.tf","TerraGoat\\terraform\\aws\\iam.tf","TerraGoat\\terraform\\aws\\kms.tf","TerraGoat\\terraform\\aws\\lambda.tf","TerraGoat\\terraform\\aws\\neptune.tf","TerraGoat\\terraform\\aws\\providers.tf","TerraGoat\\terraform\\aws\\resources\\customer-master.xlsx","TerraGoat\\terraform\\aws\\resources\\Dockerfile","TerraGoat\\terraform\\aws\\resources\\lambda_function_payload.zip","TerraGoat\\terraform\\aws\\s3.tf","TerraGoat\\terraform\\azure\\aks.tf","TerraGoat\\terraform\\azure\\app_service.tf","TerraGoat\\terraform\\azure\\application_gateway.tf","TerraGoat\\terraform\\azure\\instance.tf","TerraGoat\\terraform\\azure\\key_vault.tf","TerraGoat\\terraform\\azure\\logging.tf","TerraGoat\\terraform\\azure\\networking.tf","TerraGoat\\terraform\\azure\\policies.tf","TerraGoat\\terraform\\azure\\provider.tf","TerraGoat\\terraform\\azure\\random.tf","TerraGoat\\terraform\\azure\\resource_group.tf","TerraGoat\\terraform\\azure\\roles.tf","TerraGoat\\terraform\\azure\\security_center.tf","TerraGoat\\terraform\\azure\\sql.tf","TerraGoat\\terraform\\azure\\storage.tf","TerraGoat\\terraform\\azure\\variables.tf","TerraGoat\\terraform\\gcp\\big_data.tf","TerraGoat\\terraform\\gcp\\gcs.tf","TerraGoat\\terraform\\gcp\\gke.tf","TerraGoat\\terraform\\gcp\\instances.tf","TerraGoat\\terraform\\gcp\\networks.tf","TerraGoat\\terraform\\gcp\\provider.tf","TerraGoat\\terraform\\gcp\\variables.tf","TerraGoat\\terragoat-logo.png","WebGoat\\.dockerignore","WebGoat\\.editorconfig","WebGoat\\.github\\actions\\java-setup\\action.yml","WebGoat\\.github\\dependabot.yml","WebGoat\\.github\\FUNDING.yml","WebGoat\\.github\\lock.yml","WebGoat\\.github\\stale.yml","WebGoat\\.github\\workflows\\branchbuild.txt","WebGoat\\.github\\workflows\\build.yml","WebGoat\\.github\\workflows\\release.yml","WebGoat\\.github\\workflows\\welcome.yml","WebGoat\\.gitignore","WebGoat\\.mvn\\wrapper\\maven-wrapper.jar","WebGoat\\.mvn\\wrapper\\maven-wrapper.properties","WebGoat\\.mvn\\wrapper\\MavenWrapperDownloader.java","WebGoat\\.pre-commit-config.yaml","WebGoat\\CODE_OF_CONDUCT.md","WebGoat\\config\\checkstyle\\checkstyle.xml","WebGoat\\config\\checkstyle\\suppressions.xml","WebGoat\\config\\dependency-check\\project-suppression.xml","WebGoat\\config\\desktop\\start_webgoat.sh","WebGoat\\config\\desktop\\start_zap.sh","WebGoat\\config\\desktop\\WebGoat.txt","WebGoat\\config\\license-headers\\java","WebGoat\\CONTRIBUTING.md","WebGoat\\COPYRIGHT.txt","WebGoat\\CREATE_RELEASE.md","WebGoat\\Dockerfile","WebGoat\\Dockerfile_desktop","WebGoat\\docs\\images\\webgoat.png","WebGoat\\docs\\index.html","WebGoat\\docs\\README.md","WebGoat\\FAQ.md","WebGoat\\LICENSE.txt","WebGoat\\mvn-debug","WebGoat\\mvnw","WebGoat\\mvnw.cmd","WebGoat\\pom.xml","WebGoat\\PULL_REQUEST_TEMPLATE.md","WebGoat\\README.md","WebGoat\\README_I18N.md","WebGoat\\RELEASE_NOTES.md","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\AccessControlIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\ChallengeIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\CryptoIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\CSRFIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\DeserializationIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\GeneralLessonIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\IDORIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\IntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\JWTLessonIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\LabelAndHintIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\OpenRedirectIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\PasswordResetLessonIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\PathTraversalIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\ProgressRaceConditionIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\SessionManagementIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\SqlInjectionAdvancedIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\SqlInjectionLessonIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\SqlInjectionMitigationIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\SSRFIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\WebWolfIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\XSSIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\integration\\XXEIntegrationTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\helpers\\Authentication.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\lessons\\HttpBasicsLessonUITest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\lessons\\OpenRedirectLessonUITest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\lessons\\SecurityMisconfigurationLessonUITest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\lessons\\SqlInjectionAdvancedUITest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\LoginUITest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\pages\\lessons\\HttpBasicsLessonPage.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\pages\\lessons\\LessonPage.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\pages\\lessons\\OpenRedirectLessonPage.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\pages\\lessons\\SecurityMisconfigurationLessonPage.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\pages\\RegistrationPage.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\pages\\WebGoatLoginPage.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\PlaywrightTest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webgoat\\RegistrationUITest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webwolf\\JwtUITest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webwolf\\LoginUITest.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\playwright\\webwolf\\pages\\WebWolfLoginPage.java","WebGoat\\src\\it\\java\\org\\owasp\\webgoat\\ServerUrlConfig.java","WebGoat\\src\\main\\java\\org\\dummy\\insecure\\framework\\VulnerableTaskHolder.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\AjaxAuthenticationEntryPoint.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\asciidoc\\EnvironmentExposure.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\asciidoc\\OperatingSystemMacro.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\asciidoc\\UsernameMacro.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\asciidoc\\WebGoatTmpDirMacro.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\asciidoc\\WebGoatVersionMacro.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\asciidoc\\WebWolfMacro.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\asciidoc\\WebWolfRootMacro.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\AsciiDoctorTemplateResolver.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\assignments\\AssignmentEndpoint.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\assignments\\AssignmentHints.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\assignments\\AttackResult.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\assignments\\AttackResultBuilder.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\assignments\\AttackResultMessageResponseBodyAdvice.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\assignments\\LessonTrackerInterceptor.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\controller\\StartLesson.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\controller\\Welcome.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\CurrentUser.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\CurrentUsername.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\DatabaseConfiguration.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\HammerHead.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\i18n\\Language.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\i18n\\Messages.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\i18n\\PluginMessages.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\LessonDataSource.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\LessonResourceScanner.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\lessons\\Assignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\lessons\\Category.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\lessons\\CourseConfiguration.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\lessons\\Hint.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\lessons\\Initializable.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\lessons\\Lesson.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\lessons\\LessonConnectionInvocationHandler.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\lessons\\LessonInfoModel.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\lessons\\LessonMenuItem.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\lessons\\LessonMenuItemType.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\lessons\\LessonName.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\LessonTemplateResolver.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\MvcConfiguration.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\report\\ReportCardController.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\service\\EnvironmentService.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\service\\HintService.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\service\\LabelDebugService.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\service\\LabelService.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\service\\LessonInfoService.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\service\\LessonMenuService.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\service\\LessonProgressService.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\service\\RestartLessonService.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\service\\SessionService.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\session\\Course.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\session\\LabelDebugger.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\session\\LessonSession.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\UserInterceptor.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\users\\AssignmentProgress.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\users\\LessonProgress.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\users\\RegistrationController.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\users\\UserForm.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\users\\UserProgress.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\users\\UserProgressRepository.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\users\\UserRepository.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\users\\UserService.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\users\\UserSession.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\users\\UserValidator.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\users\\WebGoatUser.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\WebGoat.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\WebSecurityConfig.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\container\\WebWolfRedirect.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\authbypass\\AccountVerificationHelper.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\authbypass\\AuthBypass.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\authbypass\\VerifyAccount.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\bypassrestrictions\\BypassRestrictions.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\bypassrestrictions\\BypassRestrictionsFieldRestrictions.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\bypassrestrictions\\BypassRestrictionsFrontendValidation.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge1\\Assignment1.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge1\\Challenge1.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge1\\ImageServlet.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge5\\Assignment5.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge5\\Challenge5.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge7\\Assignment7.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge7\\Challenge7.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge7\\MD5.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge7\\PasswordResetLink.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge8\\Assignment8.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge8\\Challenge8.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\ChallengeIntro.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\Email.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\Flag.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\FlagController.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\Flags.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\SolutionConstants.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\chromedevtools\\ChromeDevTools.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\chromedevtools\\NetworkDummy.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\chromedevtools\\NetworkLesson.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\cia\\CIA.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\cia\\CIAQuiz.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\clientsidefiltering\\ClientSideFiltering.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\clientsidefiltering\\ClientSideFilteringAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\clientsidefiltering\\ClientSideFilteringFreeAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\clientsidefiltering\\Salaries.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\clientsidefiltering\\ShopEndpoint.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\cryptography\\Cryptography.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\cryptography\\CryptoUtil.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\cryptography\\EncodingAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\cryptography\\HashingAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\cryptography\\SecureDefaultsAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\cryptography\\SigningAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\cryptography\\XOREncodingAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\csrf\\CSRF.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\csrf\\CSRFConfirmFlag1.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\csrf\\CSRFFeedback.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\csrf\\CSRFGetFlag.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\csrf\\CSRFLogin.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\csrf\\ForgedReviews.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\csrf\\Review.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\deserialization\\InsecureDeserialization.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\deserialization\\InsecureDeserializationTask.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\deserialization\\SerializationHelper.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\hijacksession\\cas\\Authentication.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\hijacksession\\cas\\AuthenticationProvider.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\hijacksession\\cas\\HijackSessionAuthenticationProvider.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\hijacksession\\HijackSession.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\hijacksession\\HijackSessionAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\htmltampering\\HtmlTampering.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\htmltampering\\HtmlTamperingTask.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\httpbasics\\HttpBasics.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\httpbasics\\HttpBasicsLesson.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\httpbasics\\HttpBasicsQuiz.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\httpproxies\\HttpBasicsInterceptRequest.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\httpproxies\\HttpProxies.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\idor\\IDOR.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\idor\\IDORDiffAttributes.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\idor\\IDOREditOtherProfile.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\idor\\IDORLogin.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\idor\\IDORViewOtherProfile.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\idor\\IDORViewOwnProfile.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\idor\\IDORViewOwnProfileAltUrl.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\idor\\UserProfile.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\insecurelogin\\InsecureLogin.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\insecurelogin\\InsecureLoginTask.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\claimmisuse\\JWTHeaderJKUEndpoint.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\claimmisuse\\JWTHeaderKIDEndpoint.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\JWT.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\JWTDecodeEndpoint.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\JWTQuiz.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\JWTRefreshEndpoint.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\JWTSecretKeyEndpoint.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\JWTVotesEndpoint.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\votes\\Views.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\votes\\Vote.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\lessontemplate\\LessonTemplate.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\lessontemplate\\SampleAttack.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\logging\\LogBleedingTask.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\logging\\LogSpoofing.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\logging\\LogSpoofingTask.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\missingac\\DisplayUser.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\missingac\\MissingAccessControlUserRepository.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\missingac\\MissingFunctionAC.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\missingac\\MissingFunctionACHiddenMenus.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\missingac\\MissingFunctionACUsers.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\missingac\\MissingFunctionACYourHash.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\missingac\\MissingFunctionACYourHashAdmin.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\missingac\\User.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirect.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirectMitigationCheck.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirectQuiz.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirectRealRedirect.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirectSecureController.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirectTask1.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirectTask2.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirectTask3.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirectTask4.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\passwordreset\\PasswordReset.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\passwordreset\\PasswordResetEmail.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\passwordreset\\QuestionsAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\passwordreset\\resetlink\\PasswordChangeForm.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\passwordreset\\ResetLinkAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\passwordreset\\ResetLinkAssignmentForgotPassword.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\passwordreset\\SecurityQuestionAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\passwordreset\\SimpleMailAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\passwordreset\\TriedQuestions.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\pathtraversal\\PathTraversal.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\pathtraversal\\ProfileUpload.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\pathtraversal\\ProfileUploadBase.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\pathtraversal\\ProfileUploadFix.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\pathtraversal\\ProfileUploadRemoveUserInput.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\pathtraversal\\ProfileUploadRetrieval.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\pathtraversal\\ProfileZipSlip.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\securepasswords\\SecurePasswords.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\securepasswords\\SecurePasswordsAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\securitymisconfiguration\\ActuatorExposureTask.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\securitymisconfiguration\\ConfigHardeningTask.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\securitymisconfiguration\\DefaultCredentialsTask.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\securitymisconfiguration\\SecurityMisconfiguration.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\securitymisconfiguration\\VerboseErrorTask.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\spoofcookie\\encoders\\EncDec.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\spoofcookie\\SpoofCookie.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\spoofcookie\\SpoofCookieAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\advanced\\SqlInjectionAdvanced.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\advanced\\SqlInjectionChallenge.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\advanced\\SqlInjectionChallengeLogin.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\advanced\\SqlInjectionLesson6a.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\advanced\\SqlInjectionLesson6b.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\advanced\\SqlInjectionQuiz.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjection.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson10.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson2.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson3.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson4.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson5.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson5a.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson5b.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson8.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson9.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\Servers.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\SqlInjectionLesson10a.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\SqlInjectionLesson10b.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\SqlInjectionLesson13.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\SqlInjectionMitigations.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\SqlOnlyInputValidation.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\SqlOnlyInputValidationOnKeywords.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\ssrf\\SSRF.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\ssrf\\SSRFTask1.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\ssrf\\SSRFTask2.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\vulnerablecomponents\\Contact.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\vulnerablecomponents\\ContactImpl.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\vulnerablecomponents\\VulnerableComponents.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\vulnerablecomponents\\VulnerableComponentsLesson.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\webgoatintroduction\\WebGoatIntroduction.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\webwolfintroduction\\Email.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\webwolfintroduction\\LandingAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\webwolfintroduction\\MailAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\webwolfintroduction\\WebWolfIntroduction.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\Comment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\CrossSiteScripting.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\CrossSiteScriptingLesson1.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\CrossSiteScriptingLesson5a.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\CrossSiteScriptingLesson6a.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\CrossSiteScriptingQuiz.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\DOMCrossSiteScripting.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\DOMCrossSiteScriptingVerifier.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\mitigation\\CrossSiteScriptingLesson3.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\mitigation\\CrossSiteScriptingLesson4.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\mitigation\\CrossSiteScriptingMitigation.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\stored\\CrossSiteScriptingStored.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\stored\\StoredCrossSiteScriptingVerifier.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\stored\\StoredXssComments.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xxe\\BlindSendFileAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xxe\\Comment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xxe\\CommentsCache.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xxe\\CommentsEndpoint.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xxe\\ContentTypeAssignment.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xxe\\Ping.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xxe\\SimpleXXE.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xxe\\User.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xxe\\XXE.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\server\\ParentConfig.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\server\\StartWebGoat.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\FileServer.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\jwt\\JWTController.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\jwt\\JWTToken.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\mailbox\\Email.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\mailbox\\MailboxController.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\mailbox\\MailboxRepository.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\MvcConfiguration.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\requests\\LandingPage.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\requests\\Requests.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\requests\\WebWolfTraceRepository.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\user\\UserRepository.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\user\\UserService.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\user\\WebWolfUser.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\WebSecurityConfig.java","WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\webwolf\\WebWolf.java","WebGoat\\src\\main\\resources\\application-webgoat.properties","WebGoat\\src\\main\\resources\\application-webwolf.properties","WebGoat\\src\\main\\resources\\banner-webgoat.txt","WebGoat\\src\\main\\resources\\banner-webwolf.txt","WebGoat\\src\\main\\resources\\db\\container\\V1__init.sql","WebGoat\\src\\main\\resources\\goatkeystore.pkcs12","WebGoat\\src\\main\\resources\\i18n\\messages.properties","WebGoat\\src\\main\\resources\\i18n\\messages_de.properties","WebGoat\\src\\main\\resources\\i18n\\messages_fr.properties","WebGoat\\src\\main\\resources\\i18n\\messages_nl.properties","WebGoat\\src\\main\\resources\\lessons\\authbypass\\documentation\\2fa-bypass.adoc","WebGoat\\src\\main\\resources\\lessons\\authbypass\\documentation\\bypass-intro.adoc","WebGoat\\src\\main\\resources\\lessons\\authbypass\\documentation\\lesson-template-video.adoc","WebGoat\\src\\main\\resources\\lessons\\authbypass\\html\\AuthBypass.html","WebGoat\\src\\main\\resources\\lessons\\authbypass\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\authbypass\\images\\firefox-proxy-config.png","WebGoat\\src\\main\\resources\\lessons\\authbypass\\images\\paypal-2fa-bypass.png","WebGoat\\src\\main\\resources\\lessons\\authbypass\\js\\bypass.js","WebGoat\\src\\main\\resources\\lessons\\bypassrestrictions\\css\\bypass-restrictions.css","WebGoat\\src\\main\\resources\\lessons\\bypassrestrictions\\documentation\\BypassRestrictions_FieldRestrictions.adoc","WebGoat\\src\\main\\resources\\lessons\\bypassrestrictions\\documentation\\BypassRestrictions_FrontendValidation.adoc","WebGoat\\src\\main\\resources\\lessons\\bypassrestrictions\\documentation\\BypassRestrictions_Intro.adoc","WebGoat\\src\\main\\resources\\lessons\\bypassrestrictions\\html\\BypassRestrictions.html","WebGoat\\src\\main\\resources\\lessons\\bypassrestrictions\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\challenges\\challenge7\\git.zip","WebGoat\\src\\main\\resources\\lessons\\challenges\\css\\challenge6.css","WebGoat\\src\\main\\resources\\lessons\\challenges\\css\\challenge8.css","WebGoat\\src\\main\\resources\\lessons\\challenges\\db\\migration\\V2018_09_26_1__users.sql","WebGoat\\src\\main\\resources\\lessons\\challenges\\documentation\\Challenge_1.adoc","WebGoat\\src\\main\\resources\\lessons\\challenges\\documentation\\Challenge_5.adoc","WebGoat\\src\\main\\resources\\lessons\\challenges\\documentation\\Challenge_6.adoc","WebGoat\\src\\main\\resources\\lessons\\challenges\\documentation\\Challenge_7.adoc","WebGoat\\src\\main\\resources\\lessons\\challenges\\documentation\\Challenge_8.adoc","WebGoat\\src\\main\\resources\\lessons\\challenges\\documentation\\Challenge_introduction.adoc","WebGoat\\src\\main\\resources\\lessons\\challenges\\html\\Challenge1.html","WebGoat\\src\\main\\resources\\lessons\\challenges\\html\\Challenge5.html","WebGoat\\src\\main\\resources\\lessons\\challenges\\html\\Challenge6.html","WebGoat\\src\\main\\resources\\lessons\\challenges\\html\\Challenge7.html","WebGoat\\src\\main\\resources\\lessons\\challenges\\html\\Challenge8.html","WebGoat\\src\\main\\resources\\lessons\\challenges\\html\\ChallengeIntro.html","WebGoat\\src\\main\\resources\\lessons\\challenges\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\avatar1.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\boss.jpg","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\challenge1-small.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\challenge1.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\challenge2-small.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\challenge2.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\challenge3-small.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\challenge3.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\challenge4-small.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\challenge4.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\challenge5-small.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\challenge5.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\hi-five-cat.jpg","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\user1.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\user2.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\user3.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\images\\webgoat2.png","WebGoat\\src\\main\\resources\\lessons\\challenges\\js\\challenge6.js","WebGoat\\src\\main\\resources\\lessons\\challenges\\js\\challenge8.js","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\documentation\\ChromeDevTools_Assignment.adoc","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\documentation\\ChromeDevTools_Assignment_Network.adoc","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\documentation\\ChromeDevTools_console.adoc","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\documentation\\ChromeDevTools_elements.adoc","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\documentation\\ChromeDevTools_intro.adoc","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\documentation\\ChromeDevTools_sources.adoc","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\html\\ChromeDevTools.html","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\images\\ChromeDev_Console_Clear.jpg","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\images\\ChromeDev_Console_Ex.jpg","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\images\\ChromeDev_Elements.jpg","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\images\\ChromeDev_Elements_CSS.jpg","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\images\\ChromeDev_Network.jpg","WebGoat\\src\\main\\resources\\lessons\\chromedevtools\\images\\ChromeDev_Sources.jpg","WebGoat\\src\\main\\resources\\lessons\\cia\\documentation\\CIA_availability.adoc","WebGoat\\src\\main\\resources\\lessons\\cia\\documentation\\CIA_confidentiality.adoc","WebGoat\\src\\main\\resources\\lessons\\cia\\documentation\\CIA_integrity.adoc","WebGoat\\src\\main\\resources\\lessons\\cia\\documentation\\CIA_intro.adoc","WebGoat\\src\\main\\resources\\lessons\\cia\\documentation\\CIA_quiz.adoc","WebGoat\\src\\main\\resources\\lessons\\cia\\html\\CIA.html","WebGoat\\src\\main\\resources\\lessons\\cia\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\cia\\js\\questions_cia.json","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\css\\clientSideFiltering-stage1.css","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\css\\clientSideFilteringFree.css","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\documentation\\ClientSideFiltering_assignment.adoc","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\documentation\\ClientSideFiltering_final.adoc","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\documentation\\ClientSideFiltering_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\html\\ClientSideFiltering.html","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\images\\lesson1_header.jpg","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\images\\lesson1_workspace.jpg","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\images\\samsung-black.jpg","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\images\\samsung-grey.jpg","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\js\\clientSideFiltering.js","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\js\\clientSideFilteringFree.js","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\lessonSolutions\\en\\ClientSideFiltering.html","WebGoat\\src\\main\\resources\\lessons\\clientsidefiltering\\lessonSolutions\\en\\ClientSideFiltering_files\\clientside_firebug.jpg","WebGoat\\src\\main\\resources\\lessons\\cryptography\\documentation\\Crypto_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\cryptography\\documentation\\defaults.adoc","WebGoat\\src\\main\\resources\\lessons\\cryptography\\documentation\\encoding_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\cryptography\\documentation\\encoding_plan2.adoc","WebGoat\\src\\main\\resources\\lessons\\cryptography\\documentation\\encryption.adoc","WebGoat\\src\\main\\resources\\lessons\\cryptography\\documentation\\hashing_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\cryptography\\documentation\\keystores.adoc","WebGoat\\src\\main\\resources\\lessons\\cryptography\\documentation\\postquantum.adoc","WebGoat\\src\\main\\resources\\lessons\\cryptography\\documentation\\signing.adoc","WebGoat\\src\\main\\resources\\lessons\\cryptography\\html\\Cryptography.html","WebGoat\\src\\main\\resources\\lessons\\cryptography\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\csrf\\css\\reviews.css","WebGoat\\src\\main\\resources\\lessons\\csrf\\documentation\\CSRF_Basic_Get-1.adoc","WebGoat\\src\\main\\resources\\lessons\\csrf\\documentation\\CSRF_ContentType.adoc","WebGoat\\src\\main\\resources\\lessons\\csrf\\documentation\\CSRF_Frameworks.adoc","WebGoat\\src\\main\\resources\\lessons\\csrf\\documentation\\CSRF_GET.adoc","WebGoat\\src\\main\\resources\\lessons\\csrf\\documentation\\CSRF_Get_Flag.adoc","WebGoat\\src\\main\\resources\\lessons\\csrf\\documentation\\CSRF_Impact_Defense.adoc","WebGoat\\src\\main\\resources\\lessons\\csrf\\documentation\\CSRF_intro.adoc","WebGoat\\src\\main\\resources\\lessons\\csrf\\documentation\\CSRF_JSON.adoc","WebGoat\\src\\main\\resources\\lessons\\csrf\\documentation\\CSRF_Login.adoc","WebGoat\\src\\main\\resources\\lessons\\csrf\\documentation\\CSRF_Reviews.adoc","WebGoat\\src\\main\\resources\\lessons\\csrf\\html\\CSRF.html","WebGoat\\src\\main\\resources\\lessons\\csrf\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\csrf\\images\\login-csrf.png","WebGoat\\src\\main\\resources\\lessons\\csrf\\js\\csrf-review.js","WebGoat\\src\\main\\resources\\lessons\\csrf\\js\\feedback.js","WebGoat\\src\\main\\resources\\lessons\\deserialization\\documentation\\InsecureDeserialization_GadgetChain.adoc","WebGoat\\src\\main\\resources\\lessons\\deserialization\\documentation\\InsecureDeserialization_Intro.adoc","WebGoat\\src\\main\\resources\\lessons\\deserialization\\documentation\\InsecureDeserialization_SimpleExploit.adoc","WebGoat\\src\\main\\resources\\lessons\\deserialization\\documentation\\InsecureDeserialization_Task.adoc","WebGoat\\src\\main\\resources\\lessons\\deserialization\\documentation\\InsecureDeserialization_WhatIs.adoc","WebGoat\\src\\main\\resources\\lessons\\deserialization\\html\\InsecureDeserialization.html","WebGoat\\src\\main\\resources\\lessons\\deserialization\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\employees.xml","WebGoat\\src\\main\\resources\\lessons\\hijacksession\\documentation\\HijackSession_content0.adoc","WebGoat\\src\\main\\resources\\lessons\\hijacksession\\documentation\\HijackSession_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\hijacksession\\html\\HijackSession.html","WebGoat\\src\\main\\resources\\lessons\\hijacksession\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\hijacksession\\lessonSolutions\\en\\HijackSession_solution.adoc","WebGoat\\src\\main\\resources\\lessons\\hijacksession\\lessonSolutions\\html\\HijackSession.html","WebGoat\\src\\main\\resources\\lessons\\hijacksession\\templates\\hijackform.html","WebGoat\\src\\main\\resources\\lessons\\htmltampering\\documentation\\HtmlTampering_Intro.adoc","WebGoat\\src\\main\\resources\\lessons\\htmltampering\\documentation\\HtmlTampering_Mitigation.adoc","WebGoat\\src\\main\\resources\\lessons\\htmltampering\\documentation\\HtmlTampering_Task.adoc","WebGoat\\src\\main\\resources\\lessons\\htmltampering\\html\\HtmlTampering.html","WebGoat\\src\\main\\resources\\lessons\\htmltampering\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\htmltampering\\images\\samsung.jpg","WebGoat\\src\\main\\resources\\lessons\\httpbasics\\documentation\\HttpBasics_content1.adoc","WebGoat\\src\\main\\resources\\lessons\\httpbasics\\documentation\\HttpBasics_content2.adoc","WebGoat\\src\\main\\resources\\lessons\\httpbasics\\documentation\\HttpBasics_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\httpbasics\\html\\HttpBasics.html","WebGoat\\src\\main\\resources\\lessons\\httpbasics\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\httpbasics\\i18n\\WebGoatLabels_de.properties","WebGoat\\src\\main\\resources\\lessons\\httpbasics\\i18n\\WebGoatLabels_fr.properties","WebGoat\\src\\main\\resources\\lessons\\httpbasics\\i18n\\WebGoatLabels_nl.properties","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\documentation\\0overview.adoc","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\documentation\\10burp.adoc","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\documentation\\1proxysetupsteps.adoc","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\documentation\\3browsersetup.adoc","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\documentation\\5configurefilterandbreakpoints.adoc","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\documentation\\6assignment.adoc","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\documentation\\7resend.adoc","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\documentation\\8httpsproxy.adoc","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\documentation\\9manual.adoc","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\html\\HttpProxies.html","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\breakpoint.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\breakpoint2.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\burpfilter.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\burpfilterclient.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\burpintercept.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\burpintercepted.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\burpproxy.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\burpwarn.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\chrome-manual-proxy-win.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\chrome-manual-proxy.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\firefox-proxy-config.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\firefoxsettingscerts.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\importcerts.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\newlocalhost.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\proxy-intercept-button.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\proxy-intercept-details.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\rootca.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\savecerts.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\zap-exclude.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\zap-history.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\zap-start.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\zap_edit_and_resend.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\zap_edit_and_response.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\zap_edit_and_send.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\zap_exclude.png","WebGoat\\src\\main\\resources\\lessons\\httpproxies\\images\\zap_exclude_url.png","WebGoat\\src\\main\\resources\\lessons\\idor\\documentation\\IDOR_editOtherProfile.adoc","WebGoat\\src\\main\\resources\\lessons\\idor\\documentation\\IDOR_editOwnProfile.adoc","WebGoat\\src\\main\\resources\\lessons\\idor\\documentation\\IDOR_inputAltPath.adoc","WebGoat\\src\\main\\resources\\lessons\\idor\\documentation\\IDOR_intro.adoc","WebGoat\\src\\main\\resources\\lessons\\idor\\documentation\\IDOR_login.adoc","WebGoat\\src\\main\\resources\\lessons\\idor\\documentation\\IDOR_mitigation.adoc","WebGoat\\src\\main\\resources\\lessons\\idor\\documentation\\IDOR_viewDiffs.adoc","WebGoat\\src\\main\\resources\\lessons\\idor\\documentation\\IDOR_viewOtherProfile.adoc","WebGoat\\src\\main\\resources\\lessons\\idor\\documentation\\IDOR_viewOwnAltPath.adoc","WebGoat\\src\\main\\resources\\lessons\\idor\\documentation\\IDOR_whatDiffs.adoc","WebGoat\\src\\main\\resources\\lessons\\idor\\documentation\\temp.txt","WebGoat\\src\\main\\resources\\lessons\\idor\\html\\IDOR.html","WebGoat\\src\\main\\resources\\lessons\\idor\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\idor\\js\\idor.js","WebGoat\\src\\main\\resources\\lessons\\insecurelogin\\documentation\\InsecureLogin_Intro.adoc","WebGoat\\src\\main\\resources\\lessons\\insecurelogin\\documentation\\InsecureLogin_Task.adoc","WebGoat\\src\\main\\resources\\lessons\\insecurelogin\\html\\InsecureLogin.html","WebGoat\\src\\main\\resources\\lessons\\insecurelogin\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\insecurelogin\\js\\credentials.js","WebGoat\\src\\main\\resources\\lessons\\jwt\\css\\jwt.css","WebGoat\\src\\main\\resources\\lessons\\jwt\\db\\migration\\V2019_09_25_1__jwt.sql","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_attacks.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_claim_misuse.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_claim_misuse_jku.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_claim_misuse_jku_assignment.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_claim_misuse_kid.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_claim_misuse_kid_assignment.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_decode.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_libraries.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_libraries_assignment.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_libraries_assignment2.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_libraries_solution.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_login_to_token.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_mitigation.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_refresh.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_refresh_assignment.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_signing.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_signing_solution.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_storing.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_structure.adoc","WebGoat\\src\\main\\resources\\lessons\\jwt\\documentation\\JWT_weak_keys","WebGoat\\src\\main\\resources\\lessons\\jwt\\html\\JWT.html","WebGoat\\src\\main\\resources\\lessons\\jwt\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\jwt\\images\\challenge1-small.png","WebGoat\\src\\main\\resources\\lessons\\jwt\\images\\challenge2-small.png","WebGoat\\src\\main\\resources\\lessons\\jwt\\images\\challenge3-small.png","WebGoat\\src\\main\\resources\\lessons\\jwt\\images\\challenge4-small.png","WebGoat\\src\\main\\resources\\lessons\\jwt\\images\\challenge5-small.png","WebGoat\\src\\main\\resources\\lessons\\jwt\\images\\jerry.png","WebGoat\\src\\main\\resources\\lessons\\jwt\\images\\jwt_diagram.png","WebGoat\\src\\main\\resources\\lessons\\jwt\\images\\jwt_token.png","WebGoat\\src\\main\\resources\\lessons\\jwt\\images\\logs.txt","WebGoat\\src\\main\\resources\\lessons\\jwt\\images\\product-icon.png","WebGoat\\src\\main\\resources\\lessons\\jwt\\images\\tom.png","WebGoat\\src\\main\\resources\\lessons\\jwt\\js\\jwt-buy.js","WebGoat\\src\\main\\resources\\lessons\\jwt\\js\\jwt-jku.js","WebGoat\\src\\main\\resources\\lessons\\jwt\\js\\jwt-kid.js","WebGoat\\src\\main\\resources\\lessons\\jwt\\js\\jwt-refresh.js","WebGoat\\src\\main\\resources\\lessons\\jwt\\js\\jwt-voting.js","WebGoat\\src\\main\\resources\\lessons\\jwt\\js\\jwt-weak-keys.js","WebGoat\\src\\main\\resources\\lessons\\jwt\\js\\questions_jwt.json","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\db\\migration\\V2019_11_10_1__introduction.sql","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\documentation\\lesson-template-attack.adoc","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\documentation\\lesson-template-content.adoc","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\documentation\\lesson-template-database.adoc","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\documentation\\lesson-template-glue.adoc","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\documentation\\lesson-template-intro.adoc","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\documentation\\lesson-template-lesson-class.adoc","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\documentation\\lesson-template-video-more.adoc","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\documentation\\lesson-template-video.adoc","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\html\\LessonTemplate.html","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\images\\firefox-proxy-config.png","WebGoat\\src\\main\\resources\\lessons\\lessontemplate\\js\\idor.js","WebGoat\\src\\main\\resources\\lessons\\logging\\documentation\\logging_intro.adoc","WebGoat\\src\\main\\resources\\lessons\\logging\\documentation\\logReading_Task.adoc","WebGoat\\src\\main\\resources\\lessons\\logging\\documentation\\logSpoofing_Task.adoc","WebGoat\\src\\main\\resources\\lessons\\logging\\documentation\\more_logging.adoc","WebGoat\\src\\main\\resources\\lessons\\logging\\documentation\\sensitive_logging_intro.adoc","WebGoat\\src\\main\\resources\\lessons\\logging\\html\\LogSpoofing.html","WebGoat\\src\\main\\resources\\lessons\\logging\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\missingac\\css\\ac.css","WebGoat\\src\\main\\resources\\lessons\\missingac\\db\\migration\\V2021_11_03_1__ac.sql","WebGoat\\src\\main\\resources\\lessons\\missingac\\documentation\\missing-function-ac-01-intro.adoc","WebGoat\\src\\main\\resources\\lessons\\missingac\\documentation\\missing-function-ac-02-client-controls.adoc","WebGoat\\src\\main\\resources\\lessons\\missingac\\documentation\\missing-function-ac-03-users.adoc","WebGoat\\src\\main\\resources\\lessons\\missingac\\documentation\\missing-function-ac-04-users-fixed.adoc","WebGoat\\src\\main\\resources\\lessons\\missingac\\html\\MissingFunctionAC.html","WebGoat\\src\\main\\resources\\lessons\\missingac\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\openredirect\\css\\openredirect.css","WebGoat\\src\\main\\resources\\lessons\\openredirect\\documentation\\OpenRedirect_Explained.adoc","WebGoat\\src\\main\\resources\\lessons\\openredirect\\documentation\\OpenRedirect_Intro.adoc","WebGoat\\src\\main\\resources\\lessons\\openredirect\\documentation\\OpenRedirect_Prevent.adoc","WebGoat\\src\\main\\resources\\lessons\\openredirect\\documentation\\OpenRedirect_Quiz.adoc","WebGoat\\src\\main\\resources\\lessons\\openredirect\\documentation\\OpenRedirect_Task1.adoc","WebGoat\\src\\main\\resources\\lessons\\openredirect\\documentation\\OpenRedirect_Task2.adoc","WebGoat\\src\\main\\resources\\lessons\\openredirect\\documentation\\OpenRedirect_Task3.adoc","WebGoat\\src\\main\\resources\\lessons\\openredirect\\documentation\\OpenRedirect_Task4.adoc","WebGoat\\src\\main\\resources\\lessons\\openredirect\\documentation\\OpenRedirect_Token_Mitigations.adoc","WebGoat\\src\\main\\resources\\lessons\\openredirect\\documentation\\OpenRedirect_TokenLeakExamples.adoc","WebGoat\\src\\main\\resources\\lessons\\openredirect\\html\\OpenRedirect.html","WebGoat\\src\\main\\resources\\lessons\\openredirect\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\openredirect\\images\\redirect-flow.svg","WebGoat\\src\\main\\resources\\lessons\\openredirect\\js\\openredirect-task4.js","WebGoat\\src\\main\\resources\\lessons\\openredirect\\js\\questions_openredirect.json","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\css\\password.css","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\documentation\\PasswordReset_host_header.adoc","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\documentation\\PasswordReset_known_questions.adoc","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\documentation\\PasswordReset_mitigation.adoc","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\documentation\\PasswordReset_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\documentation\\PasswordReset_SecurityQuestions.adoc","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\documentation\\PasswordReset_simple.adoc","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\documentation\\PasswordReset_wrong_message.adoc","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\html\\PasswordReset.html","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\images\\reset1.png","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\images\\reset2.png","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\images\\slack1.png","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\images\\slack2.png","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\js\\password-reset-simple.js","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\templates\\password_link_not_found.html","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\templates\\password_reset.html","WebGoat\\src\\main\\resources\\lessons\\passwordreset\\templates\\success.html","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\css\\path_traversal.css","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\documentation\\PathTraversal_intro.adoc","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\documentation\\PathTraversal_retrieval.adoc","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\documentation\\PathTraversal_upload.adoc","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\documentation\\PathTraversal_upload_fix.adoc","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\documentation\\PathTraversal_upload_fixed.adoc","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\documentation\\PathTraversal_upload_mitigation.adoc","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\documentation\\PathTraversal_upload_remove_user_input.adoc","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\documentation\\PathTraversal_zip_slip.adoc","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\documentation\\PathTraversal_zip_slip_assignment.adoc","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\documentation\\PathTraversal_zip_slip_solution.adoc","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\html\\PathTraversal.html","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\images\\account.png","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\images\\cats\\1.jpg","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\images\\cats\\10.jpg","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\images\\cats\\2.jpg","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\images\\cats\\3.jpg","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\images\\cats\\4.jpg","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\images\\cats\\5.jpg","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\images\\cats\\6.jpg","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\images\\cats\\7.jpg","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\images\\cats\\8.jpg","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\images\\cats\\9.jpg","WebGoat\\src\\main\\resources\\lessons\\pathtraversal\\js\\path_traversal.js","WebGoat\\src\\main\\resources\\lessons\\securepasswords\\documentation\\SecurePasswords_1.adoc","WebGoat\\src\\main\\resources\\lessons\\securepasswords\\documentation\\SecurePasswords_2.adoc","WebGoat\\src\\main\\resources\\lessons\\securepasswords\\documentation\\SecurePasswords_3.adoc","WebGoat\\src\\main\\resources\\lessons\\securepasswords\\documentation\\SecurePasswords_4.adoc","WebGoat\\src\\main\\resources\\lessons\\securepasswords\\documentation\\SecurePasswords_assignment_introduction.adoc","WebGoat\\src\\main\\resources\\lessons\\securepasswords\\documentation\\SecurePasswords_intro.adoc","WebGoat\\src\\main\\resources\\lessons\\securepasswords\\html\\SecurePasswords.html","WebGoat\\src\\main\\resources\\lessons\\securepasswords\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\securepasswords\\i18n\\WebGoatLabels_nl.properties","WebGoat\\src\\main\\resources\\lessons\\securepasswords\\js\\questions_cia.json","WebGoat\\src\\main\\resources\\lessons\\securitymisconfiguration\\documentation\\SecurityMisconfiguration_Closing.adoc","WebGoat\\src\\main\\resources\\lessons\\securitymisconfiguration\\documentation\\SecurityMisconfiguration_Intro.adoc","WebGoat\\src\\main\\resources\\lessons\\securitymisconfiguration\\documentation\\SecurityMisconfiguration_Task1.adoc","WebGoat\\src\\main\\resources\\lessons\\securitymisconfiguration\\documentation\\SecurityMisconfiguration_Task2.adoc","WebGoat\\src\\main\\resources\\lessons\\securitymisconfiguration\\documentation\\SecurityMisconfiguration_Task3.adoc","WebGoat\\src\\main\\resources\\lessons\\securitymisconfiguration\\documentation\\SecurityMisconfiguration_Task4.adoc","WebGoat\\src\\main\\resources\\lessons\\securitymisconfiguration\\html\\SecurityMisconfiguration.html","WebGoat\\src\\main\\resources\\lessons\\securitymisconfiguration\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\securitymisconfiguration\\js\\security-misconfiguration-task2.js","WebGoat\\src\\main\\resources\\lessons\\securitymisconfiguration\\js\\security-misconfiguration-task3.js","WebGoat\\src\\main\\resources\\lessons\\sol.MD","WebGoat\\src\\main\\resources\\lessons\\sol.txt","WebGoat\\src\\main\\resources\\lessons\\spoofcookie\\documentation\\SpoofCookie_content0.adoc","WebGoat\\src\\main\\resources\\lessons\\spoofcookie\\documentation\\SpoofCookie_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\spoofcookie\\html\\SpoofCookie.html","WebGoat\\src\\main\\resources\\lessons\\spoofcookie\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\spoofcookie\\js\\handler.js","WebGoat\\src\\main\\resources\\lessons\\spoofcookie\\lessonSolutions\\en\\SpoofCookie_solution.adoc","WebGoat\\src\\main\\resources\\lessons\\spoofcookie\\lessonSolutions\\html\\SpoofCookie.html","WebGoat\\src\\main\\resources\\lessons\\spoofcookie\\templates\\spoofcookieform.html","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\css\\assignments.css","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\css\\challenge.css","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\css\\quiz.css","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\db\\migration\\V2019_09_26_1__servers.sql","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\db\\migration\\V2019_09_26_2__users.sql","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\db\\migration\\V2019_09_26_3__salaries.sql","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\db\\migration\\V2019_09_26_4__tan.sql","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\db\\migration\\V2019_09_26_5__challenge_assignment.sql","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\db\\migration\\V2019_09_26_6__user_system_data.sql","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\db\\migration\\V2019_09_26_7__employees.sql","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\db\\migration\\V2021_03_13_8__grant.sql","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_challenge.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content10.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content11.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content12.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content12a.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content12b.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content13.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content14.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content6.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content6a.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content6c.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content7.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content8.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_content9.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content1.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content10.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content11.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content12.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content2.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content3.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content4.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content5_after.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content5_before.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content6.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content7.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content8.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_content9.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_introduction_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_jdbc_completion.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_jdbc_newcode.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_order_by.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjection_quiz.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\documentation\\SqlInjectionAdvanced_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\html\\SqlInjection.html","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\html\\SqlInjectionAdvanced.html","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\html\\SqlInjectionMitigations.html","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\i18n\\WebGoatLabels_de.properties","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\i18n\\WebGoatLabels_fr.properties","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\js\\assignment10b.js","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\js\\assignment13.js","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\js\\challenge.js","WebGoat\\src\\main\\resources\\lessons\\sqlinjection\\js\\questions_sql_injection.json","WebGoat\\src\\main\\resources\\lessons\\ssrf\\documentation\\SSRF_Intro.adoc","WebGoat\\src\\main\\resources\\lessons\\ssrf\\documentation\\SSRF_Prevent.adoc","WebGoat\\src\\main\\resources\\lessons\\ssrf\\documentation\\SSRF_Task1.adoc","WebGoat\\src\\main\\resources\\lessons\\ssrf\\documentation\\SSRF_Task2.adoc","WebGoat\\src\\main\\resources\\lessons\\ssrf\\html\\SSRF.html","WebGoat\\src\\main\\resources\\lessons\\ssrf\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\ssrf\\images\\cat.jpg","WebGoat\\src\\main\\resources\\lessons\\ssrf\\images\\jerry.png","WebGoat\\src\\main\\resources\\lessons\\ssrf\\images\\tom.png","WebGoat\\src\\main\\resources\\lessons\\ssrf\\js\\credentials.js","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content0.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content1.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content1a.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content2.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content2a.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content3.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content4.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content4a.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content4b.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content4c.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content5.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content5a.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_content6.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\documentation\\VulnerableComponents_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\html\\VulnerableComponents.html","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\images\\Old-Components.png","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\images\\OpenSourceGrowing2023.png","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\images\\OWASP-Dep-Check.png","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\images\\Risk-of-Old-Components.png","WebGoat\\src\\main\\resources\\lessons\\vulnerablecomponents\\images\\WebGoat-Vulns.png","WebGoat\\src\\main\\resources\\lessons\\webgoatintroduction\\documentation\\Introduction.adoc","WebGoat\\src\\main\\resources\\lessons\\webgoatintroduction\\documentation\\Introduction_de.adoc","WebGoat\\src\\main\\resources\\lessons\\webgoatintroduction\\documentation\\Introduction_fr.adoc","WebGoat\\src\\main\\resources\\lessons\\webgoatintroduction\\documentation\\Introduction_nl.adoc","WebGoat\\src\\main\\resources\\lessons\\webgoatintroduction\\html\\WebGoatIntroduction.html","WebGoat\\src\\main\\resources\\lessons\\webgoatintroduction\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\webgoatintroduction\\images\\wg_logo.png","WebGoat\\src\\main\\resources\\lessons\\webwolfintroduction\\documentation\\IntroductionWebWolf.adoc","WebGoat\\src\\main\\resources\\lessons\\webwolfintroduction\\documentation\\Landing_page.adoc","WebGoat\\src\\main\\resources\\lessons\\webwolfintroduction\\documentation\\Receiving_mail.adoc","WebGoat\\src\\main\\resources\\lessons\\webwolfintroduction\\documentation\\Uploading_files.adoc","WebGoat\\src\\main\\resources\\lessons\\webwolfintroduction\\html\\WebWolfIntroduction.html","WebGoat\\src\\main\\resources\\lessons\\webwolfintroduction\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\webwolfintroduction\\images\\files.png","WebGoat\\src\\main\\resources\\lessons\\webwolfintroduction\\images\\mailbox.png","WebGoat\\src\\main\\resources\\lessons\\webwolfintroduction\\images\\requests.png","WebGoat\\src\\main\\resources\\lessons\\webwolfintroduction\\images\\wolf-enabled.png","WebGoat\\src\\main\\resources\\lessons\\webwolfintroduction\\templates\\webwolfPasswordReset.html","WebGoat\\src\\main\\resources\\lessons\\xss\\css\\stored-xss.css","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content1.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content2.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content3.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content4.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content5.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content5a.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content5b.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content6.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content6a.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content6b.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content7-off.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content7.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content7b.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content7c.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content8.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content8a.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content8b.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content8c.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_content9.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScripting_quiz.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScriptingMitigation_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\documentation\\CrossSiteScriptingStored_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\xss\\html\\CrossSiteScripting.html","WebGoat\\src\\main\\resources\\lessons\\xss\\html\\CrossSiteScriptingMitigation.html","WebGoat\\src\\main\\resources\\lessons\\xss\\html\\CrossSiteScriptingStored.html","WebGoat\\src\\main\\resources\\lessons\\xss\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\xss\\images\\avatar1.png","WebGoat\\src\\main\\resources\\lessons\\xss\\images\\Reflected-XSS.png","WebGoat\\src\\main\\resources\\lessons\\xss\\images\\Stored-XSS.png","WebGoat\\src\\main\\resources\\lessons\\xss\\js\\assignment3.js","WebGoat\\src\\main\\resources\\lessons\\xss\\js\\assignment4.js","WebGoat\\src\\main\\resources\\lessons\\xss\\js\\questions_cross_site_scripting.json","WebGoat\\src\\main\\resources\\lessons\\xss\\js\\stored-xss.js","WebGoat\\src\\main\\resources\\lessons\\xxe\\css\\xxe.css","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\temp.txt","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_blind.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_blind_assignment.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_changing_content_type.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_changing_content_type_solution.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_code.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_intro.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_mitigation.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_overflow.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_plan.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_simple.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_simple_introduction.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_simple_solution.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\documentation\\XXE_static_code_analysis.adoc","WebGoat\\src\\main\\resources\\lessons\\xxe\\html\\XXE.html","WebGoat\\src\\main\\resources\\lessons\\xxe\\i18n\\WebGoatLabels.properties","WebGoat\\src\\main\\resources\\lessons\\xxe\\images\\avatar1.png","WebGoat\\src\\main\\resources\\lessons\\xxe\\images\\cat.jpg","WebGoat\\src\\main\\resources\\lessons\\xxe\\images\\etc_password.png","WebGoat\\src\\main\\resources\\lessons\\xxe\\images\\example.dtd","WebGoat\\src\\main\\resources\\lessons\\xxe\\images\\sonar-issue-xxe.png","WebGoat\\src\\main\\resources\\lessons\\xxe\\images\\sonar-issues.png","WebGoat\\src\\main\\resources\\lessons\\xxe\\images\\wolf-enabled.png","WebGoat\\src\\main\\resources\\lessons\\xxe\\images\\xxe-parser-java.png","WebGoat\\src\\main\\resources\\lessons\\xxe\\images\\xxe-parser.png","WebGoat\\src\\main\\resources\\lessons\\xxe\\images\\xxe-suggested-fix.png","WebGoat\\src\\main\\resources\\lessons\\xxe\\js\\xxe.js","WebGoat\\src\\main\\resources\\lessons\\xxe\\secret.txt","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\animate.css","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\asciidoctor-default.css","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\coderay.css","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\font-awesome.min.css","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\appseceu-17.png","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\cnlang.svg","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\delang.svg","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\enlang.svg","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\eslang.svg","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\favicon.ico","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\frlang.svg","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\logo.png","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\logoBG.jpg","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\nllang.svg","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\owasp_logo.jpg","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\solution.svg","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\webBg.png","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\img\\wolf.svg","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\layers.css","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\main.css","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\menu.css","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\quiz.css","WebGoat\\src\\main\\resources\\webgoat\\static\\css\\webgoat.css","WebGoat\\src\\main\\resources\\webgoat\\static\\fonts\\fontawesome-webfont.eot","WebGoat\\src\\main\\resources\\webgoat\\static\\fonts\\fontawesome-webfont.svg","WebGoat\\src\\main\\resources\\webgoat\\static\\fonts\\fontawesome-webfont.ttf","WebGoat\\src\\main\\resources\\webgoat\\static\\fonts\\fontawesome-webfont.woff","WebGoat\\src\\main\\resources\\webgoat\\static\\fonts\\FontAwesome.otf","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\application.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\controller\\LessonController.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\controller\\MenuController.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\goatApp.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\AssignmentStatusModel.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\HintCollection.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\HintModel.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\HTMLContentModel.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\LabelDebugModel.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\LessonContentModel.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\LessonInfoModel.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\LessonOverviewCollection.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\MenuCollection.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\MenuData.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\MenuModel.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\model\\ReportCardModel.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\support\\CustomGoat.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\support\\goatAsyncErrorHandler.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\support\\goatConstants.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\support\\GoatUtils.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\lesson_overview.html","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\paging_controls.html","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\templates\\report_card.html","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\ErrorNotificationView.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\GoatRouter.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\HelpControlsView.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\HintView.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\LessonContentView.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\MenuButtonView.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\MenuItemView.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\MenuView.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\PaginationControlView.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\ReportCardView.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\TitleView.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\goatApp\\view\\UserAndInfoView.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\jquery_form\\jquery.form.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\ace.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\backbone-min.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery-ui-1.10.4.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery.form.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\mode-java.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\text.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\theme-monokai.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\underscore-min.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\main.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\quiz.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\search.js","WebGoat\\src\\main\\resources\\webgoat\\static\\js\\toggle.js","WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap\\css\\bootstrap.min.css","WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap\\fonts\\glyphicons-halflings-regular.eot","WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap\\fonts\\glyphicons-halflings-regular.svg","WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap\\fonts\\glyphicons-halflings-regular.ttf","WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap\\fonts\\glyphicons-halflings-regular.woff","WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap-slider\\css\\slider.css","WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap-slider\\js\\bootstrap-slider.js","WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap-wysihtml5\\css\\bootstrap-wysihtml5.css","WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap-wysihtml5\\css\\bootstrap3-wysiwyg5-color.css","WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap-wysihtml5\\js\\bootstrap3-wysihtml5.js","WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap-wysihtml5\\js\\wysihtml5-0.3.0.js","WebGoat\\src\\main\\resources\\webgoat\\templates\\about.html","WebGoat\\src\\main\\resources\\webgoat\\templates\\lesson_content.html","WebGoat\\src\\main\\resources\\webgoat\\templates\\login.html","WebGoat\\src\\main\\resources\\webgoat\\templates\\main_new.html","WebGoat\\src\\main\\resources\\webgoat\\templates\\registration.html","WebGoat\\src\\main\\resources\\webwolf\\static\\css\\bootstrap-icons.css","WebGoat\\src\\main\\resources\\webwolf\\static\\css\\fonts\\bootstrap-icons.woff","WebGoat\\src\\main\\resources\\webwolf\\static\\css\\fonts\\bootstrap-icons.woff2","WebGoat\\src\\main\\resources\\webwolf\\static\\css\\img\\webwolf.ico","WebGoat\\src\\main\\resources\\webwolf\\static\\css\\webwolf.css","WebGoat\\src\\main\\resources\\webwolf\\static\\images\\wolf.png","WebGoat\\src\\main\\resources\\webwolf\\static\\images\\wolf.svg","WebGoat\\src\\main\\resources\\webwolf\\static\\js\\fileUpload.js","WebGoat\\src\\main\\resources\\webwolf\\static\\js\\jwt.js","WebGoat\\src\\main\\resources\\webwolf\\static\\js\\mail.js","WebGoat\\src\\main\\resources\\webwolf\\templates\\error.html","WebGoat\\src\\main\\resources\\webwolf\\templates\\files.html","WebGoat\\src\\main\\resources\\webwolf\\templates\\fragments\\footer.html","WebGoat\\src\\main\\resources\\webwolf\\templates\\fragments\\header.html","WebGoat\\src\\main\\resources\\webwolf\\templates\\home.html","WebGoat\\src\\main\\resources\\webwolf\\templates\\jwt.html","WebGoat\\src\\main\\resources\\webwolf\\templates\\mailbox.html","WebGoat\\src\\main\\resources\\webwolf\\templates\\registration.html","WebGoat\\src\\main\\resources\\webwolf\\templates\\requests.html","WebGoat\\src\\main\\resources\\webwolf\\templates\\webwolf-login.html"]},"time":{"rules":[],"rules_parse_time":0.7771866321563721,"profiling_times":{"config_time":2.930386543273926,"core_time":55.597827672958374,"ignores_time":0.0006539821624755859,"total_time":58.52973747253418},"parsing_time":{"total_time":0.0,"per_file_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_files":[]},"scanning_time":{"total_time":160.0862922668457,"per_file_time":{"mean":0.04237329070059442,"std_dev":0.4077865084367167},"very_slow_stats":{"time_ratio":0.5612034607890485,"count_ratio":0.004235044997353097},"very_slow_files":[{"fpath":"lesson-03\\demo-01-oauth-tests\\oauth-security-tests.js","ftime":2.1891865730285645},{"fpath":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\jquery_form\\jquery.form.js","ftime":2.4175314903259277},{"fpath":"lesson-03\\demo-02-fuzzing\\fuzzer.js","ftime":2.789860963821411},{"fpath":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\mode-java.js","ftime":2.96311092376709},{"fpath":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery.form.js","ftime":3.781029462814331},{"fpath":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\backbone-min.js","ftime":4.433025360107422},{"fpath":"NodeGoat\\package-lock.json","ftime":5.092263221740723},{"fpath":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\ace.js","ftime":6.503325700759888},{"fpath":"WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap-wysihtml5\\js\\wysihtml5-0.3.0.js","ftime":13.92508053779602},{"fpath":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery-ui-1.10.4.js","ftime":34.31944394111633}]},"matching_time":{"total_time":0.0,"per_file_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_files":[]},"tainting_time":{"total_time":0.0,"per_def_and_rule_time":{"mean":0.0,"std_dev":0.0},"very_slow_stats":{"time_ratio":0.0,"count_ratio":0.0},"very_slow_rules_on_defs":[]},"fixpoint_timeouts":[{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at PyGoat\\PyGoatBot.py:1:0 [rules: 1, first: python.boto3.security.hardcoded-token.hardcoded-token]","location":{"path":"PyGoat\\PyGoatBot.py","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":1,"offset":0}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge7\\MD5.java:646:22 [rules: 1, first: java.spring.security.injection.tainted-file-path.tainted-file-path]","location":{"path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\challenges\\challenge7\\MD5.java","start":{"line":646,"col":23,"offset":17880},"end":{"line":646,"col":32,"offset":17889}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\JWTRefreshEndpoint.java:85:38 [rules: 1, first: java.spring.security.injection.tainted-html-string.tainted-html-string]","location":{"path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\jwt\\JWTRefreshEndpoint.java","start":{"line":85,"col":39,"offset":3322},"end":{"line":85,"col":47,"offset":3330}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirectMitigationCheck.java:33:22 [rules: 1, first: java.spring.security.injection.tainted-file-path.tainted-file-path]","location":{"path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\openredirect\\OpenRedirectMitigationCheck.java","start":{"line":33,"col":23,"offset":1379},"end":{"line":33,"col":28,"offset":1384}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\pathtraversal\\ProfileUploadRetrieval.java:92:27 [rules: 2, first: java.lang.security.audit.sqli.tainted-sql-from-http-request.tainted-sql-from-http-request]","location":{"path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\pathtraversal\\ProfileUploadRetrieval.java","start":{"line":92,"col":28,"offset":3676},"end":{"line":92,"col":45,"offset":3693}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson5b.java:44:25 [rules: 2, first: java.spring.security.injection.tainted-system-command.tainted-system-command]","location":{"path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson5b.java","start":{"line":44,"col":26,"offset":1591},"end":{"line":44,"col":41,"offset":1606}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson8.java:47:25 [rules: 1, first: java.lang.security.audit.formatted-sql-string.formatted-sql-string]","location":{"path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\introduction\\SqlInjectionLesson8.java","start":{"line":47,"col":26,"offset":1748},"end":{"line":47,"col":56,"offset":1778}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\Servers.java:45:22 [rules: 1, first: java.spring.security.injection.tainted-file-path.tainted-file-path]","location":{"path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\Servers.java","start":{"line":45,"col":23,"offset":1311},"end":{"line":45,"col":27,"offset":1315}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\SqlInjectionLesson10b.java:44:22 [rules: 2, first: java.spring.security.injection.tainted-sql-string.tainted-sql-string]","location":{"path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\sqlinjection\\mitigation\\SqlInjectionLesson10b.java","start":{"line":44,"col":23,"offset":1696},"end":{"line":44,"col":32,"offset":1705}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\mitigation\\CrossSiteScriptingLesson3.java:32:22 [rules: 1, first: java.spring.security.injection.tainted-file-path.tainted-file-path]","location":{"path":"WebGoat\\src\\main\\java\\org\\owasp\\webgoat\\lessons\\xss\\mitigation\\CrossSiteScriptingLesson3.java","start":{"line":32,"col":23,"offset":1194},"end":{"line":32,"col":32,"offset":1203}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\resources\\webgoat\\static\\js\\jquery_form\\jquery.form.js:1:0 [rules: 3, first: javascript.express.security.cors-misconfiguration.cors-misconfiguration]","location":{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\jquery_form\\jquery.form.js","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":1,"offset":0}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\resources\\webgoat\\static\\js\\jquery_form\\jquery.form.js:350:13 [rules: 1, first: javascript.express.security.express-insecure-template-usage.express-insecure-template-usage]","location":{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\jquery_form\\jquery.form.js","start":{"line":350,"col":14,"offset":11738},"end":{"line":350,"col":30,"offset":11754}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\resources\\webgoat\\static\\js\\jquery_form\\jquery.form.js:618:17 [rules: 2, first: javascript.lang.security.detect-eval-with-expression.detect-eval-with-expression]","location":{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\jquery_form\\jquery.form.js","start":{"line":618,"col":18,"offset":21515},"end":{"line":618,"col":20,"offset":21517}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\backbone-min.js:1:0 [rules: 11, first: javascript.express.security.audit.express-ssrf.express-ssrf]","location":{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\backbone-min.js","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":1,"offset":0}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery-ui-1.10.4.js:1:0 [rules: 1, first: javascript.browser.security.raw-html-concat.raw-html-concat]","location":{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery-ui-1.10.4.js","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":1,"offset":0}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery.form.js:1:0 [rules: 7, first: javascript.express.security.express-insecure-template-usage.express-insecure-template-usage]","location":{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery.form.js","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":1,"offset":0}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery.form.js:350:13 [rules: 1, first: javascript.lang.security.audit.code-string-concat.code-string-concat]","location":{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery.form.js","start":{"line":350,"col":14,"offset":11738},"end":{"line":350,"col":30,"offset":11754}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery.form.js:508:17 [rules: 1, first: javascript.browser.security.raw-html-concat.raw-html-concat]","location":{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\jquery.form.js","start":{"line":508,"col":18,"offset":17190},"end":{"line":508,"col":26,"offset":17198}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\text.js:1:0 [rules: 5, first: javascript.express.security.injection.raw-html-format.raw-html-format]","location":{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\js\\libs\\text.js","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":1,"offset":0}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap-wysihtml5\\js\\wysihtml5-0.3.0.js:1:0 [rules: 15, first: javascript.express.security.express-insecure-template-usage.express-insecure-template-usage]","location":{"path":"WebGoat\\src\\main\\resources\\webgoat\\static\\plugins\\bootstrap-wysihtml5\\js\\wysihtml5-0.3.0.js","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":1,"offset":0}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at lesson-01\\demo-02-sql-injection\\secure\\api.js:1:0 [rules: 4, first: javascript.express.security.x-frame-options-misconfiguration.x-frame-options-misconfiguration]","location":{"path":"lesson-01\\demo-02-sql-injection\\secure\\api.js","start":{"line":1,"col":1,"offset":0},"end":{"line":1,"col":1,"offset":0}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at lesson-01\\demo-03-xss\\secure-react-app\\UserProfile.jsx:44:9 [rules: 2, first: typescript.react.security.audit.react-dangerouslysetinnerhtml.react-dangerouslysetinnerhtml]","location":{"path":"lesson-01\\demo-03-xss\\secure-react-app\\UserProfile.jsx","start":{"line":44,"col":10,"offset":1349},"end":{"line":44,"col":21,"offset":1360}}},{"error_type":"Fixpoint timeout","severity":"warn","message":"Fixpoint timeout while performing taint analysis at lesson-01\\demo-03-xss\\vulnerable-react-app\\UserProfile.jsx:23:9 [rules: 4, first: javascript.express.security.x-frame-options-misconfiguration.x-frame-options-misconfiguration]","location":{"path":"lesson-01\\demo-03-xss\\vulnerable-react-app\\UserProfile.jsx","start":{"line":23,"col":10,"offset":719},"end":{"line":23,"col":21,"offset":730}}}],"prefiltering":{"project_level_time":0.0,"file_level_time":0.0,"rules_with_project_prefilters_ratio":0.0,"rules_with_file_prefilters_ratio":0.9675440530842171,"rules_selected_ratio":0.11921897239540524,"rules_matched_ratio":0.11921897239540524},"targets":[],"total_bytes":0,"max_memory_bytes":3070432192},"engine_requested":"OSS","skipped_rules":[],"profiling_results":[]}