From 9d9929b956ffed1186946504447b8ea4526e2dee Mon Sep 17 00:00:00 2001
From: DefectDojo release bot
Date: Mon, 3 Feb 2025 16:06:33 +0000
Subject: [PATCH 1/9] Update versions in application files
---
 components/package.json | 2 +-
 helm/defectdojo/Chart.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/components/package.json b/components/package.json
index ce9f1de104e..559dcab7c3f 100644
--- a/components/package.json
+++ b/components/package.json
@@ -1,6 +1,6 @@
 {
 "name": "defectdojo",
- "version": "2.43.0",
+ "version": "2.44.0-dev",
 "license" : "BSD-3-Clause",
 "private": true,
 "dependencies": {
diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml
index 7f2793f05ea..ad71d52463b 100644
--- a/helm/defectdojo/Chart.yaml
+++ b/helm/defectdojo/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: "2.43.0"
+appVersion: "2.44.0-dev"
 description: A Helm chart for Kubernetes to install DefectDojo
 name: defectdojo
-version: 1.6.171
+version: 1.6.172-dev
 icon: https://www.defectdojo.org/img/favicon.ico
 maintainers:
 - name: madchap
From db716412cb9549ad34b9f414764646d248df0317 Mon Sep 17 00:00:00 2001
From: valentijnscholten
Date: Thu, 6 Feb 2025 18:03:15 +0100
Subject: [PATCH 2/9] apispec: sla_days_remainig can be null (#11701)
---
 dojo/api_v2/serializers.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py
index 1ee3a000d30..4ec1e1530c8 100644
--- a/dojo/api_v2/serializers.py
+++ b/dojo/api_v2/serializers.py
@@ -1719,7 +1719,7 @@ class FindingSerializer(TaggitSerializer, serializers.ModelSerializer): ) push_to_jira = serializers.BooleanField(default=False) age = serializers.IntegerField(read_only=True) - sla_days_remaining = serializers.IntegerField(read_only=True) + sla_days_remaining = serializers.IntegerField(read_only=True, allow_null=True) finding_meta = FindingMetaSerializer(read_only=True, many=True) related_fields = serializers.SerializerMethodField(allow_null=True) # for backwards compatibility From fc33d9509a15f370b762816b337e4f0369af8e13 Mon Sep 17 00:00:00 2001 From: valentijnscholten Date: Thu, 6 Feb 2025 18:03:35 +0100 Subject: [PATCH 3/9] dashboard: last 7 days should be 7 days (#11702) * dashboard: last 7 days should be 7 days * unit test update * unit test update * unit test update --- dojo/home/views.py | 2 +- unittests/test_dashboard.py | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/dojo/home/views.py b/dojo/home/views.py index 3f5c5870d0a..953265233b7 100644 --- a/dojo/home/views.py +++ b/dojo/home/views.py @@ -30,7 +30,7 @@ def dashboard(request: HttpRequest) -> HttpResponse: today = timezone.now().date() - date_range = [today - timedelta(days=6), today] # 7 days (6 days plus today) + date_range = [today - timedelta(days=7), today] # 7 days plus today, identical to last 7 days filter in other places finding_count = findings\ .filter(date__range=date_range)\ .count() diff --git a/unittests/test_dashboard.py b/unittests/test_dashboard.py index 35e3eabbde6..853dbe1a07c 100644 --- a/unittests/test_dashboard.py +++ b/unittests/test_dashboard.py 
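Review bot: The `sla_days_remaining` field in `FindingSerializer` now advertises null, but the schema gives API consumers no hint of what null means, and SLA automation reading this field could silently treat it as 0 or as "not breached". Consider documenting it on the field itself, e.g. `help_text="Null when no SLA deadline applies to the finding"`; the wording needs to be confirmed against the model property, which is outside this hunk. The serializer class starts and ends outside the hunk.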
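Review bot: In `dashboard()` in dojo/home/views.py, `date__range` is inclusive at both ends, so `[today - timedelta(days=7), today]` selects eight calendar dates (assuming `date` is a date field) while the counters are described as the last 7 days. Since the stated goal is to match the filter used in other places, the window would be safer taken from one shared constant or helper than from a repeated literal `7`, so the dashboard and the other filters cannot drift apart again. At minimum the comment should spell out the bounds: `# inclusive range: today and the 7 days before it (8 dates), same as the "last 7 days" filter`. The function body continues outside the hunk.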
@@ -117,9 +117,9 @@ def test_counters_as_staff(self):
 response = self._request("admin")
 self.assertEqual(3, response.context["engagement_count"])
- self.assertEqual(4, response.context["finding_count"])
- self.assertEqual(2, response.context["mitigated_count"])
- self.assertEqual(2, response.context["accepted_count"])
+ self.assertEqual(11, response.context["finding_count"])
+ self.assertEqual(3, response.context["mitigated_count"])
+ self.assertEqual(3, response.context["accepted_count"])
 def test_counters_as_user(self):
 self._setup_test_counters_findings(product_id=2)
@@ -128,9 +128,9 @@ def test_counters_as_user(self):
 response = self._request("user1")
 self.assertEqual(3, response.context["engagement_count"])
- self.assertEqual(4, response.context["finding_count"])
- self.assertEqual(2, response.context["mitigated_count"])
- self.assertEqual(2, response.context["accepted_count"])
+ self.assertEqual(11, response.context["finding_count"])
+ self.assertEqual(3, response.context["mitigated_count"])
+ self.assertEqual(3, response.context["accepted_count"])
 def _setup_test_charts_findings(self, product_id: int):
 when = self.year_ago
From 5adeb0b3ce88b32e7d940ed1f2763e2f314e3fe4 Mon Sep 17 00:00:00 2001
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com>
Date: Thu, 6 Feb 2025 18:15:51 +0100
Subject: [PATCH 4/9] :tada: add MGASA vulnid (#11668)
---
 dojo/settings/settings.dist.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py
index 7d5cd549803..9326c1d4fa4 100644
--- a/dojo/settings/settings.dist.py
+++ b/dojo/settings/settings.dist.py
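Review bot: The new expectations in `test_counters_as_staff` in unittests/test_dashboard.py (and the identical ones in `test_counters_as_user` in the next hunk) change from 4/2/2 to 11/3/3 as bare numbers, so the tests record the new totals without showing which fixture rows entered the window. The fixture setup is outside these hunks, so this is inferred, but nothing visible pins the boundary itself: a finding dated exactly 7 days ago should be counted and one dated 8 days ago should not. A comment on the changed assertions such as `# window is today-7..today inclusive`, together with a dedicated boundary test, would keep a later off-by-one in the dashboard range from passing unnoticed.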
@@ -1769,6 +1769,7 @@ def saml2_attrib_map_format(dict): "GHSA-": "https://github.com/advisories/", # e.g. https://github.com/advisories/GHSA-58vj-cv5w-v4v6 "GLSA": "https://security.gentoo.org/", # e.g. https://security.gentoo.org/glsa/202409-32 "KHV": "https://avd.aquasec.com/misconfig/kubernetes/", # e.g. https://avd.aquasec.com/misconfig/kubernetes/khv045 + "MGASA-": "https://advisories.mageia.org/&&.html", # e.g. https://advisories.mageia.org/MGASA-2025-0023.html "OSV-": "https://osv.dev/vulnerability/", # e.g. https://osv.dev/vulnerability/OSV-2024-1330 "PYSEC-": "https://osv.dev/vulnerability/", # e.g. https://osv.dev/vulnerability/PYSEC-2024-48 "RHBA-": "https://access.redhat.com/errata/", # e.g. https://access.redhat.com/errata/RHBA-2024:2406 From 597778f5d38dcd74218f31284e0bd8e66a0ea22e Mon Sep 17 00:00:00 2001 From: catshapednoodles Date: Fri, 7 Feb 2025 17:38:34 +0100 Subject: [PATCH 5/9] render config value to string instead of an object (#11764) Co-authored-by: Sicco de Haan --- dojo/settings/settings.dist.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 9326c1d4fa4..5cfce07a0ad 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -947,7 +947,7 @@ def saml2_attrib_map_format(dict): "entityid": str(SAML2_ENTITY_ID), # directory with attribute mapping - "attribute_map_dir": Path(BASEDIR) / "attribute-maps", + "attribute_map_dir": str(Path(BASEDIR) / "attribute-maps"), # do now discard attributes not specified in attribute-maps "allow_unknown_attributes": SAML_ALLOW_UNKNOWN_ATTRIBUTES, # this block states what services we provide From 54c4a9cf4f90d263f54ab84b2881ae31f8e38557 Mon Sep 17 00:00:00 2001 
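Review bot: The new `"MGASA-"` entry is the only mapping visible in this hunk that places an `&&` marker inside the URL; its neighbours (`GHSA-`, `OSV-`, `RHBA-` and the rest) are plain prefixes. The code that turns this table into links is outside the hunk, so confirm that it substitutes the id for `&&` on this key rather than appending it, otherwise the rendered link would end in `&&.html` followed by the id. Vulnerability ids typically arrive from imported scan reports, so that substitution path should also URL-encode the id before it reaches an href. A one-line comment above the entry, e.g. `# "&&" is replaced by the full vulnerability id`, would document the convention for the next person adding a mapping.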
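Review bot: The `str(...)` wrapped around `Path(BASEDIR) / "attribute-maps"` for `"attribute_map_dir"` carries no explanation, so a later pathlib clean-up could remove it and bring back the problem this commit fixes. Add a why-comment beside it, e.g. `# must be a plain str: the SAML config consumer does not accept a Path object here`; the consumer is outside the hunk, so adjust the wording to name it. Because this directory presumably decides how IdP attributes are mapped at login, a small regression test that loads the SAML configuration with this value would be worth adding. The enclosing dict starts and ends outside the hunk.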
From: valentijnscholten Date: Fri, 7 Feb 2025 17:46:46 +0100 Subject: [PATCH 6/9] fix broken links (#11762) --- .../user_management/configure_sso.md | 86 +++++++++---------- .../integrations/social-authentication.md | 62 ++++++------- docs/content/en/open_source/rate_limiting.md | 14 +-- 3 files changed, 81 insertions(+), 81 deletions(-) diff --git a/docs/content/en/customize_dojo/user_management/configure_sso.md b/docs/content/en/customize_dojo/user_management/configure_sso.md index b6c6bde825c..f938ed93f5d 100644 --- a/docs/content/en/customize_dojo/user_management/configure_sso.md +++ b/docs/content/en/customize_dojo/user_management/configure_sso.md @@ -17,7 +17,7 @@ Users can connect to DefectDojo with a Username and Password, but if you prefer, All of these methods can only be configured by a Superuser in DefectDojo. DefectDojo Pro users can quickly set up SSO through their system settings, while Open Source users will need to configure these settings on the back-end via the local_settings.py file. This article covers both methods of configuration. ## Disable username / password use -You may wish to disable traditional username/password login on your instance. +You may wish to disable traditional username/password login on your instance. DefectDojo Pro users can uncheck the "Allow Login via Username and Password" box on the Login Settings form: **Enterprise Settings > Login Settings**. @@ -68,7 +68,7 @@ Both DefectDojo Pro ### Open-Source -Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](../../os_getting_started/configuration)). +Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](../../open_source/installation/configuration/)). 1. Fill out the variables as follows: {{< highlight python >}} 
@@ -141,7 +141,7 @@ When a user is removed from a given group in Azure AD, they will also be removed ### Open-Source -Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](../../os_getting_started/configuration)). +Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](../../open_source/installation/configuration)). 1. Add the following information to the settings file: @@ -155,7 +155,7 @@ Open-Source users will need to map these variables in the local_settings.py file 2. Restart DefectDojo, and you should now see a **Login with Azure AD** button on the login page. #### Open-Source Azure Group Mapping -To import groups from Azure AD users, the following environment variable needs to be set: +To import groups from Azure AD users, the following environment variable needs to be set: {{< highlight python >}} DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GET_GROUPS=True @@ -170,7 +170,7 @@ If unsure of what type that is, select `All Groups`. Do not activate `Emit group Application API permissions need to be updated with the `Group.Read.All` permission so that groups can be read on behalf of the user that has successfully signed in. To limit the amount of groups imported from Azure AD, a regular expression can be used as the following: - + {{< highlight python >}} DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GROUPS_FILTER='^team-.*' # or 'teamA|teamB|groupC' {{< /highlight >}} 
@@ -208,24 +208,24 @@ Both DefectDojo Pro - **GitHub Enterprise OAuth Secret**: enter your GitHub Enterprise Client Secret - **GitHub Enterprise URL**: enter the GitHub URL for your organization, likely `https://github..com/` - **GitHub Enterprise API URL**: enter the URL for your organization's GitHub API (e.g. `https://github..com/api/v3/`) - + 2. Check off the box for 'Enable GitHub Enterprise OAuth'. Submit the form, and 'Login With GitHub' should now be visible on the login page. ### Open-Source -Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](../../os_getting_started/configuration)). +Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](../../open_source/installation/configuration)). 1. Add the following variables to your `local_settings.py` file: - {{< highlight python >}} - DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY=(str, 'GitHub Enterprise OAuth App Client ID'), - DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET=(str, 'GitHub Enterprise OAuth App Client Secret'), - DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_URL=(str, 'https://github..com/'), - DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL=(str, 'https://github..com/api/v3/'), - DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_OAUTH2_ENABLED = True, + {{< highlight python >}} + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY=(str, 'GitHub Enterprise OAuth App Client ID'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET=(str, 'GitHub Enterprise OAuth App Client Secret'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_URL=(str, 'https://github..com/'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL=(str, 'https://github..com/api/v3/'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_OAUTH2_ENABLED = True, {{< /highlight >}} 2. Restart DefectDojo, and you should now see a **Login with GitHub Enterprise** - button on the login page. + button on the login page. ## GitLab 
@@ -259,7 +259,7 @@ Follow along below. ### Open-Source -Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](../../os_getting_started/configuration)). +Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](../../open_source/installation/configuration)). 1. Add the following variables to your `local_settings.py` file: {{< highlight python >}} @@ -277,7 +277,7 @@ Open-Source users will need to map these variables in the local_settings.py file {{< /highlight >}} **Important:** if you enable this setting on already working instance with a GitLab integrations, it will require new grant "read_repository" by user - + 2. Restart DefectDojo, and you should now see a **Login with Gitlab** button on the login page. ## Google Auth @@ -320,7 +320,7 @@ In order to use Google Authentication, a Google Authentication Server will need ### Open-Source -Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](../../os_getting_started/configuration)). +Open-Source users will need to map these variables in the local_settings.py file. (see [Configuration](../../open_source/installation/configuration)). 1. Add the following variables to your `local_settings.py` file: @@ -336,7 +336,7 @@ Open-Source users will need to map these variables in the local_settings.py file DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = ['example.com', 'example.org'] {{< /highlight >}} - As an environment variable: + As an environment variable: {{< highlight python >}} DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = example.com,example.org 
@@ -348,7 +348,7 @@ Open-Source users will need to map these variables in the local_settings.py file DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = [''] {{< /highlight >}} - As an environment variable: + As an environment variable: {{< highlight python >}} DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = email@example.com,email2@example.com @@ -374,7 +374,7 @@ This guide assumes you already have a KeyCloak Realm set up. If not, you will n 3. Under `Scope` -> `Full Scope Allowed` set to `off`. -4. Under `mappers` -> add a custom mapper here: +4. Under `mappers` -> add a custom mapper here: * Name: `aud` * Mapper type: `audience` * Included audience: select your client/client-id here @@ -403,7 +403,7 @@ This guide assumes you already have a KeyCloak Realm set up. If not, you will n ### Open-Source -Edit the local_settings.py file (see [Configuration](../../os_getting_started/configuration)) with the following information: +Edit the local_settings.py file (see [Configuration](../../open_source/installation/configuration)) with the following information: 1. {{< highlight python >}} DD_SESSION_COOKIE_SECURE=True, @@ -411,13 +411,13 @@ Edit the local_settings.py file (see [Configuration](../../os_getting_started/co DD_SECURE_SSL_REDIRECT=True, DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED=True, DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY=(str, ''), - DD_SOCIAL_AUTH_KEYCLOAK_KEY=(str, ''), - DD_SOCIAL_AUTH_KEYCLOAK_SECRET=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_KEY=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_SECRET=(str, ''), DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL=(str, ''), - DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL=(str, '') + DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL=(str, '') {{< /highlight >}} - -or, alternatively, for helm configuration, add this to the `extraConfig` section: + +or, alternatively, for helm configuration, add this to the `extraConfig` section: ```yaml DD_SESSION_COOKIE_SECURE: 'True' 
@@ -431,7 +431,7 @@ DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL: '' DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL: '' ``` -Optionally, you *can* set `DD_SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT` in order to customize the login button's text caption. +Optionally, you *can* set `DD_SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT` in order to customize the login button's text caption. 2. Restart DefectDojo, and `Login With ____` (your login button text) will be added as an option to the Login menu. @@ -445,7 +445,7 @@ Both DefectDojo Pro 1. Navigate to the following address and either create a new account, or login with an existing one: [Okta Account Creation](https://www.okta.com/developer/signup/) - + 2. Once logged in, enter the **Applications** and click **Add Application**: @@ -489,7 +489,7 @@ Both DefectDojo Pro ### Open-Source -1. Edit the local_settings.py file (see [Configuration](../../os_getting_started/configuration)) with the following: +1. Edit the local_settings.py file (see [Configuration](../../open_source/installation/configuration)) with the following: {{< highlight python >}} DD_SOCIAL_AUTH_OKTA_OAUTH2_ENABLED=True, 
@@ -515,27 +515,27 @@ GET parameter starts with `http://` instead of ![image](images/sso_betaui_1.png) -2. Complete the SAML form. Start by setting an **Entity ID** \- this is either a label or a URL which your SAML Identity Provider can point to, and use to identify DefectDojo. This is a required field. +2. Complete the SAML form. Start by setting an **Entity ID** \- this is either a label or a URL which your SAML Identity Provider can point to, and use to identify DefectDojo. This is a required field. ​ -3. If you wish, set **Login Button Text** in DefectDojo. This text will appear on the button or link users click to initiate the login process. +3. If you wish, set **Login Button Text** in DefectDojo. This text will appear on the button or link users click to initiate the login process. ​ -4. You can also set a **Logout URL** to redirect your users to once they have logged out of DefectDojo. +4. You can also set a **Logout URL** to redirect your users to once they have logged out of DefectDojo. ​ -5. The **Name ID Format** has four options: Persistent, Transient, Entity and Encrypted. -​ - - If you would prefer that users have a different SAML ID each time they access - DefectDojo, choose **Transient**. - - If you want your users to be consistently identified by SAML, use **Persistent.** - - If you’re ok with all of your users sharing a SAML NameID, you can select **Entity.** +5. The **Name ID Format** has four options: Persistent, Transient, Entity and Encrypted. +​ + - If you would prefer that users have a different SAML ID each time they access + DefectDojo, choose **Transient**. + - If you want your users to be consistently identified by SAML, use **Persistent.** + - If you’re ok with all of your users sharing a SAML NameID, you can select **Entity.** - If you would like to encrypt each user’s NameID, you can use **Encrypted** as your NameID format. ​ -6. **Required Attributes** are the attributes that DefectDojo requires from the SAML response. +6. 
**Required Attributes** are the attributes that DefectDojo requires from the SAML response. +​ +7. **Attribute Mapping** contains a formula for how you want these attributes to be matched to a user. For example, if your SAML response returns an email, you can associate it with a DefectDojo user with the formula **email=email**. ​ -7. **Attribute Mapping** contains a formula for how you want these attributes to be matched to a user. For example, if your SAML response returns an email, you can associate it with a DefectDojo user with the formula **email=email**. -​ The left side of the ‘=’ sign represents the attribute you want to map from the SAML response. The right side is a user’s field in DefectDojo, which you want this attribute to map to. ​ -8. **Remote SAML Metadata** is the URL where your SAML Identity Provider is located. +8. **Remote SAML Metadata** is the URL where your SAML Identity Provider is located. ​ 9. Finally, check the **Enable SAML** checkbox at the bottom of this form to confirm that you want to use SAML to log in. Once this is enabled, you will see the **Login With SAML** button on the DefectDojo Login Page. @@ -558,7 +558,7 @@ The left side of the ‘=’ sign represents the attribute you want to map from ### Open-Source SAML 1. Navigate to your SAML IdP and find your metadata. -2. Edit the local_settings.py file (see [Configuration](../../os_getting_started/configuration)) with the following information: +2. Edit the local_settings.py file (see [Configuration](../../open_source/installation/configuration)) with the following information: {{< highlight python >}} DD_SAML2_ENABLED=(bool, **True**), diff --git a/docs/content/en/open_source/archived_docs/integrations/social-authentication.md b/docs/content/en/open_source/archived_docs/integrations/social-authentication.md index 5536c195627..c7ff625a8f4 100644 --- a/docs/content/en/open_source/archived_docs/integrations/social-authentication.md 
+++ b/docs/content/en/open_source/archived_docs/integrations/social-authentication.md @@ -21,7 +21,7 @@ leverage Auth0 to authenticate users on DefectDojo. - Domain - Client ID - Client Secret -4. Now, edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following +4. Now, edit the settings (see [Configuration](../../open_source/installation/configuration)) with the following information: {{< highlight python >}} @@ -72,7 +72,7 @@ to be created. Closely follow the steps below to guarantee success. ![image](images/google_3.png) -7. Edit the settings (see [Configuration](../../os_getting_started/configuration) with the following +7. Edit the settings (see [Configuration](../../open_source/installation/configuration) with the following information: {{< highlight python >}} @@ -87,7 +87,7 @@ to be created. Closely follow the steps below to guarantee success. DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = ['example.com', 'example.org'] {{< /highlight >}} - As an environment variable: + As an environment variable: {{< highlight python >}} DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_DOMAINS = example.com,example.org @@ -99,7 +99,7 @@ to be created. Closely follow the steps below to guarantee success. DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = [''] {{< /highlight >}} - As an environment variable: + As an environment variable: {{< highlight python >}} DD_SOCIAL_AUTH_GOOGLE_OAUTH2_WHITELISTED_EMAILS = email@example.com,email2@example.com @@ -142,7 +142,7 @@ carries the same attributes and a similar procedure. Follow along below. ![image](images/okta_5.png) -8. Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following +8. Edit the settings (see [Configuration](../../open_source/installation/configuration)) with the following information: {{< highlight python >}} 
@@ -190,7 +190,7 @@ user, such as 'superuser'. - **OR** - **https://the_hostname_you_have_dojo_deployed:your_server_port/complete/azuread-tenant-oauth2/** -4. Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following +4. Edit the settings (see [Configuration](../../open_source/installation/configuration)) with the following information: {{< highlight python >}} @@ -204,7 +204,7 @@ user, such as 'superuser'. button on the login page which should *magically* work ### Automatic Import of User-Groups -To import groups from Azure AD users, the following environment variable needs to be set: +To import groups from Azure AD users, the following environment variable needs to be set: {{< highlight python >}} DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GET_GROUPS=True 
@@ -213,16 +213,16 @@ To import groups from Azure AD users, the following environment variable needs t This will ensure the user is added to all the groups found in the Azure AD Token. Any missing groups will be created in DefectDojo (unless filtered). This group synchronization allows for product access via groups to limit the products a user can interact with. The Azure AD token returned by Azure will also need to be configured to include group IDs. Without this step, the -token will not contain any notion of a group, and the mapping process will report that the current user is not a member of any +token will not contain any notion of a group, and the mapping process will report that the current user is not a member of any groups. To update the format of the token, add a group claim that applies to whatever group type you are using. -If unsure of what type that is, select `All Groups`. Do not activate `Emit groups as role claims` within the Azure AD +If unsure of what type that is, select `All Groups`. Do not activate `Emit groups as role claims` within the Azure AD "Token configuration" page. Application API permissions need to be updated with the `Group.Read.All` permission so that groups can be read on behalf of the user that has successfully signed in. To limit the amount of groups imported from Azure AD, a regular expression can be used as the following: - + {{< highlight python >}} DD_SOCIAL_AUTH_AZUREAD_TENANT_OAUTH2_GROUPS_FILTER='^team-.*' # or 'teamA|teamB|groupC' {{< /highlight >}} @@ -257,7 +257,7 @@ Follow along below. - **https://the_hostname_you_have_dojo_deployed:your_server_port/complete/gitlab/** -4. Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following +4. Edit the settings (see [Configuration](../../open_source/installation/configuration)) with the following information: {{< highlight python >}} 
@@ -275,7 +275,7 @@ Follow along below. {{< /highlight >}} **Important:** if you enable this setting on already working instance with gitlab integrations, it will require new grant "read_repository" by user - + 5. Restart DefectDojo, and you should now see a **Login with Gitlab** button on the login page. @@ -283,7 +283,7 @@ Follow along below. There is also an option to use Keycloak as OAuth2 provider in order to authenticate users to Defect Dojo, also by using the social-auth plugin. -Here are suggestion on how to configure Keycloak and DefectDojo: +Here are suggestion on how to configure Keycloak and DefectDojo: ### Configure Keycloak (assuming you already have an existing realm, otherwise create one) @@ -296,7 +296,7 @@ Here are suggestion on how to configure Keycloak and DefectDojo: * Under `Fine grained openID connect configuration` -> `request object signature algorithm`: set to `RS256` * -> save these settings in keycloak (hit save button) 3. Under `Scope` -> `Full Scope Allowed` set to `off` -4. Under `mappers` -> add a custom mapper here: +4. Under `mappers` -> add a custom mapper here: * Name: `aud` * Mapper type: `audience` * Included audience: select your client/client-id here @@ -308,7 +308,7 @@ Here are suggestion on how to configure Keycloak and DefectDojo: and look up your authorization and token endpoint (use them below) ### Configure Defect Dojo -Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following +Edit the settings (see [Configuration](../../open_source/installation/configuration)) with the following information: {{< highlight python >}} 
@@ -317,13 +317,13 @@ Edit the settings (see [Configuration](../../os_getting_started/configuration)) DD_SECURE_SSL_REDIRECT=True, DD_SOCIAL_AUTH_KEYCLOAK_OAUTH2_ENABLED=True, DD_SOCIAL_AUTH_KEYCLOAK_PUBLIC_KEY=(str, ''), - DD_SOCIAL_AUTH_KEYCLOAK_KEY=(str, ''), - DD_SOCIAL_AUTH_KEYCLOAK_SECRET=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_KEY=(str, ''), + DD_SOCIAL_AUTH_KEYCLOAK_SECRET=(str, ''), DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL=(str, ''), - DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL=(str, '') + DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL=(str, '') {{< /highlight >}} - -or, alternatively, for helm configuration, add this to the `extraConfig` section: + +or, alternatively, for helm configuration, add this to the `extraConfig` section: ```yaml DD_SESSION_COOKIE_SECURE: 'True' @@ -337,7 +337,7 @@ DD_SOCIAL_AUTH_KEYCLOAK_AUTHORIZATION_URL: '' DD_SOCIAL_AUTH_KEYCLOAK_ACCESS_TOKEN_URL: '' ``` -Optionally, you *can* set `DD_SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT` in order to customize the login button's text caption. +Optionally, you *can* set `DD_SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT` in order to customize the login button's text caption. ## GitHub Enterprise 1. Navigate to your GitHub Enterprise Server and follow instructions to create a new OAuth App [https://docs.github.com/en/enterprise-server/developers/apps/building-oauth-apps/creating-an-oauth-app](https://docs.github.com/en/enterprise-server/developers/apps/building-oauth-apps/creating-an-oauth-app) 
@@ -345,25 +345,25 @@ Optionally, you *can* set `DD_SOCIAL_AUTH_KEYCLOAK_LOGIN_BUTTON_TEXT` in order t 3. For the Redirect URI, enter the DefectDojo URL with the following format - **https://the_hostname_you_have_dojo_deployed:your_server_port/complete/github-enterprise/** -4. Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following +4. Edit the settings (see [Configuration](../../open_source/installation/configuration)) with the following information: - {{< highlight python >}} - DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY=(str, 'GitHub Enterprise OAuth App Client ID'), - DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET=(str, 'GitHub Enterprise OAuth App Client Secret'), - DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_URL=(str, 'https://github..com/'), - DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL=(str, 'https://github..com/api/v3/'), - DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_OAUTH2_ENABLED = True, + {{< highlight python >}} + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_KEY=(str, 'GitHub Enterprise OAuth App Client ID'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_SECRET=(str, 'GitHub Enterprise OAuth App Client Secret'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_URL=(str, 'https://github..com/'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_API_URL=(str, 'https://github..com/api/v3/'), + DD_SOCIAL_AUTH_GITHUB_ENTERPRISE_OAUTH2_ENABLED = True, {{< /highlight >}} 5. Restart DefectDojo, and you should now see a **Login with GitHub Enterprise** - button on the login page. + button on the login page. ## SAML 2.0 In a similar direction to OAuth, this SAML addition provides a more secure perogative to SSO. For definitions of terms used and more information, -see the plugin [plugin homepage](https://github.com/IdentityPython/djangosaml2). +see the plugin [plugin homepage](https://github.com/IdentityPython/djangosaml2). 1. Navigate to your SAML IdP and find your metadata -2. Edit the settings (see [Configuration](../../os_getting_started/configuration)) with the following +2. 
Edit the settings (see [Configuration](../../open_source/installation/configuration)) with the following information: {{< highlight python >}} diff --git a/docs/content/en/open_source/rate_limiting.md b/docs/content/en/open_source/rate_limiting.md index 16c56cc0532..ec8bf54b2d3 100644 --- a/docs/content/en/open_source/rate_limiting.md +++ b/docs/content/en/open_source/rate_limiting.md @@ -14,7 +14,7 @@ For further information, please visit the package documentation [Django Ratelimi #### Enable Rate Limiting -To enable and configure rate limiting, edit the settings (see [Configuration](../../os_getting_started/configuration) and edit/replace the following information: +To enable and configure rate limiting, edit the settings (see [Configuration](../../open_source/installation/configuration) and edit/replace the following information: {{< highlight python >}} DD_RATE_LIMITER_ENABLED=(bool, True), @@ -25,7 +25,7 @@ DD_RATE_LIMITER_ACCOUNT_LOCKOUT=(bool, True), #### Rate Limit -The frequency at which the request will be limited can be set to +The frequency at which the request will be limited can be set to * seconds - `1s` * minutes - `5m` 
@@ -38,18 +38,18 @@ Extended configuration can be found [here](https://django-ratelimit.readthedocs. By default, rate limiting is set to record offenses, but does not actually block requests and enforce the limit. -Setting `DD_RATE_LIMITER_BLOCK` will block all incoming requests at the configured frequncy once that frequency has been exceeded. +Setting `DD_RATE_LIMITER_BLOCK` will block all incoming requests at the configured frequncy once that frequency has been exceeded. -#### Account Lockout +#### Account Lockout -In the event of a brute force attack, a users credentials could potentially be comprimised. +In the event of a brute force attack, a users credentials could potentially be comprimised. -In an attempt to circumvent that event, setting `DD_RATE_LIMITER_ACCOUNT_LOCKOUT` will force a user to reset their password upon the next attempted login. +In an attempt to circumvent that event, setting `DD_RATE_LIMITER_ACCOUNT_LOCKOUT` will force a user to reset their password upon the next attempted login. #### Multi-Process Behavior When using configurations with multiple uwsgi processes, the rate limiting package uses the default cache that is memory based and local to a process. -#### Extra Configuation +#### Extra Configuation For further information, please visit the package documentation [Django Ratelimit](https://django-ratelimit.readthedocs.io/en/stable/index.html) From 17f0c388e184a69873148fe741d23fd46c9235b1 Mon Sep 17 00:00:00 2001 From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Date: Fri, 7 Feb 2025 10:54:48 -0600 Subject: [PATCH 7/9] Sample Data: Remove audit logs entries (#11752) --- dojo/fixtures/defect_dojo_sample_data.json | 16514 +------------------ unittests/test_sample_data.py | 1 + 2 files changed, 243 insertions(+), 16272 deletions(-) diff --git a/dojo/fixtures/defect_dojo_sample_data.json b/dojo/fixtures/defect_dojo_sample_data.json index 641b86ba9e1..85c7311bf4a 100644 --- a/dojo/fixtures/defect_dojo_sample_data.json 
+++ b/dojo/fixtures/defect_dojo_sample_data.json @@ -3,7 +3,7 @@ "model": "auth.user", "fields": { "password": "argon2$argon2id$v=19$m=102400,t=2,p=8$S2NCTzJ5b0F6SUJPdnVZTXpJVnlDRA$eS/SvwIW7KoVnINE5uzkv5GZ7biJz34gA0WmRlHgqWQ", - "last_login": "2025-01-17T17:31:35.946Z", + "last_login": "2025-02-06T22:39:20.922Z", "is_superuser": true, "username": "admin", "first_name": "", 
@@ -124,16461 +124,409 @@ }, { "model": "sessions.session", - "pk": "imsqmmk97qms70tz0e55yumkf5ehcfjw", - "fields": { - "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", - "expire_date": "2021-07-19T22:22:52.744Z" - } -}, -{ - "model": "sessions.session", - "pk": "jd1dvmzg2kdst1dvjvd82xto3two999q", - "fields": { - "session_data": "MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", - "expire_date": "2021-11-19T07:37:14.206Z" - } -}, -{ - "model": "sessions.session", - "pk": "nrksf0iuveua4cjxcy9m5i5nvvnswks0", - "fields": { - "session_data": "MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", - "expire_date": "2021-11-19T12:12:49.262Z" - } -}, -{ - "model": "sessions.session", - "pk": "ocg999bmxmjn5q2ebcddpzbr1a3ewpvt", - "fields": { - "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", - "expire_date": "2021-07-16T00:21:49.329Z" - } -}, -{ - "model": "sites.site", - "fields": { - "domain": 
"example.com", - "name": "example.com" - } -}, -{ - "model": "admin.logentry", - "pk": 1, - "fields": { - "action_time": "2021-07-02T00:22:01.258Z", - "user": [ - "admin" - ], - "content_type": [ - "auth", - "user" - ], - "object_id": "2", - "object_repr": "user1", - "action_flag": 1, - "change_message": "[{\"added\": {}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 2, - "fields": { - "action_time": "2021-07-02T00:22:09.722Z", - "user": [ - "admin" - ], - "content_type": [ - "auth", - "user" - ], - "object_id": "3", - "object_repr": "user2", - "action_flag": 1, - "change_message": "[{\"added\": {}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 3, - "fields": { - "action_time": "2021-11-04T08:57:11.661Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "test_import" - ], - "object_id": "6", - "object_repr": "High Impact test finding", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 4, - "fields": { - "action_time": "2021-11-04T08:57:21.204Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "test_import" - ], - "object_id": "4", - "object_repr": "High Impact test finding", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 5, - "fields": { - "action_time": "2021-11-04T08:57:32.008Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "test_import" - ], - "object_id": "2", - "object_repr": "High Impact test finding", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 6, - "fields": { - "action_time": "2021-11-04T08:58:15.735Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "test_import" - ], - "object_id": "3", - "object_repr": "High Impact test finding", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" - } -}, -{ - "model": 
"admin.logentry", - "pk": 7, - "fields": { - "action_time": "2021-11-04T08:58:43.433Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "test_import" - ], - "object_id": "5", - "object_repr": "High Impact test finding", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 8, - "fields": { - "action_time": "2021-11-04T08:58:43.474Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "test_import" - ], - "object_id": "7", - "object_repr": "DUMMY FINDING", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 9, - "fields": { - "action_time": "2021-11-04T08:58:43.495Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "test_import" - ], - "object_id": "6", - "object_repr": "High Impact test finding", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 10, - "fields": { - "action_time": "2021-11-04T08:58:43.501Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "test_import" - ], - "object_id": "4", - "object_repr": "High Impact test finding", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 11, - "fields": { - "action_time": "2021-11-04T08:58:43.507Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "test_import" - ], - "object_id": "3", - "object_repr": "High Impact test finding", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 12, - "fields": { - "action_time": "2021-11-04T08:58:43.512Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "test_import" - ], - "object_id": "2", - "object_repr": "High Impact test finding", - "action_flag": 3, - "change_message": "" - } -}, -{ - "model": "admin.logentry", - "pk": 13, - "fields": { - "action_time": "2021-11-04T09:00:09.825Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "jira_issue" - ], - "object_id": "1", - "object_repr": "Java", - "action_flag": 1, 
- "change_message": "[{\"added\": {}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 14, - "fields": { - "action_time": "2021-11-04T09:13:05.793Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "jira_issue" - ], - "object_id": "4", - "object_repr": "XML", - "action_flag": 1, - "change_message": "[{\"added\": {}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 15, - "fields": { - "action_time": "2021-11-04T09:14:00.425Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "jira_issue" - ], - "object_id": "3", - "object_repr": "JavaScript", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 16, - "fields": { - "action_time": "2021-11-04T09:20:33.497Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "notification_webhooks" - ], - "object_id": "1", - "object_repr": "Tomcat | Bodgeit", - "action_flag": 1, - "change_message": "[{\"added\": {}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 17, - "fields": { - "action_time": "2021-11-04T13:06:05.480Z", - "user": [ - "admin" - ], - "content_type": [ - "dojo", - "jira_issue" - ], - "object_id": "2", - "object_repr": "Python", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 18, - "fields": { - "action_time": "2021-11-05T07:13:16.077Z", - "user": [ - "admin" - ], - "content_type": [ - "auth", - "user" - ], - "object_id": "1", - "object_repr": "admin", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 19, - "fields": { - "action_time": "2021-11-05T07:13:53.435Z", - "user": [ - "admin" - ], - "content_type": [ - "auth", - "user" - ], - "object_id": "2", - "object_repr": "product_manager", - "action_flag": 2, - "change_message": "[{\"changed\": 
{\"fields\": [\"password\"]}}]" - } -}, -{ - "model": "admin.logentry", - "pk": 20, - "fields": { - "action_time": "2021-11-05T07:21:45.543Z", - "user": [ - "admin" - ], - "content_type": [ - "auth", - "user" - ], - "object_id": "2", - "object_repr": "product_manager", - "action_flag": 2, - "change_message": "[{\"changed\": {\"fields\": [\"is_staff\"]}}]" - } -}, -{ - "model": "auditlog.logentry", - "pk": 1, - "fields": { - "content_type": [ - "dojo", - "product_type" - ], - "object_pk": "1", - "object_id": 1, - "object_repr": "Research and Development", - "serialized_data": null, - "action": 0, - "changes": "{\"key_product\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"], \"name\": [\"None\", \"Research and Development\"], \"critical_product\": [\"None\", \"False\"], \"prod_type\": [\"None\", \"dojo.Product.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:19.938Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 2, - "fields": { - "content_type": [ - "dojo", - "product_type" - ], - "object_pk": "2", - "object_id": 2, - "object_repr": "Commerce", - "serialized_data": null, - "action": 0, - "changes": "{\"updated\": [\"None\", \"2021-11-04 09:27:38.846000\"], \"key_product\": [\"None\", \"False\"], \"id\": [\"None\", \"2\"], \"name\": [\"None\", \"Commerce\"], \"critical_product\": [\"None\", \"True\"], \"prod_type\": [\"None\", \"dojo.Product.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.051Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 3, - "fields": { - "content_type": [ - "dojo", - "product_type" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": "Billing", - "serialized_data": null, - "action": 0, - "changes": "{\"updated\": [\"None\", \"2021-11-04 09:27:51.762000\"], \"key_product\": [\"None\", \"True\"], \"id\": [\"None\", \"3\"], \"name\": [\"None\", \"Billing\"], \"critical_product\": [\"None\", \"False\"], 
\"prod_type\": [\"None\", \"dojo.Product.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.063Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 4, - "fields": { - "content_type": [ - "dojo", - "product" - ], - "object_pk": "1", - "object_id": 1, - "object_repr": "BodgeIt", - "serialized_data": null, - "action": 0, - "changes": "{\"team_manager\": [\"None\", \"(product_manager)\"], \"prod_type\": [\"None\", \"Commerce\"], \"updated\": [\"None\", \"2025-01-17 16:52:28.298000\"], \"sla_configuration\": [\"None\", \"Default\"], \"tid\": [\"None\", \"0\"], \"prod_numeric_grade\": [\"None\", \"5\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"internal\"], \"user_records\": [\"None\", \"1000000000\"], \"revenue\": [\"None\", \"1000.00\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"True\"], \"enable_product_tag_inheritance\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"], \"disable_sla_breach_notifications\": [\"None\", \"False\"], \"async_updating\": [\"None\", \"False\"], \"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"1\"], \"name\": [\"None\", \"BodgeIt\"], \"description\": [\"None\", \"[Features](https://github.com/psiinon/bodgeit) and characteristics:\\r\\n\\r\\n* Easy to install - just requires java and a servlet engine, e.g. 
Tomcat\\r\\n* Self contained (no additional dependencies other than to 2 in the above line)\\r\\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\\r\\n* Cross platform\\r\\n* Open source\\r\\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.148Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 5, - "fields": { - "content_type": [ - "dojo", - "product" - ], - "object_pk": "2", - "object_id": 2, - "object_repr": "Internal CRM App", - "serialized_data": null, - "action": 0, - "changes": "{\"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Commerce\"], \"updated\": [\"None\", \"2025-01-17 16:52:28.346000\"], \"sla_configuration\": [\"None\", \"Default\"], \"tid\": [\"None\", \"0\"], \"prod_numeric_grade\": [\"None\", \"51\"], \"business_criticality\": [\"None\", \"medium\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"construction\"], \"origin\": [\"None\", \"internal\"], \"external_audience\": [\"None\", \"False\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_product_tag_inheritance\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"], \"disable_sla_breach_notifications\": [\"None\", \"False\"], \"async_updating\": [\"None\", \"False\"], \"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"2\"], \"name\": [\"None\", \"Internal CRM App\"], \"description\": [\"None\", \"* New product in development that attempts to follow all best practices\"], \"product_manager\": [\"None\", \"(product_manager)\"], \"technical_contact\": [\"None\", 
\"(product_manager)\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.176Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 6, - "fields": { - "content_type": [ - "dojo", - "product" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": "Apple Accounting Software", - "serialized_data": null, - "action": 0, - "changes": "{\"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Billing\"], \"sla_configuration\": [\"None\", \"Default\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"purchased\"], \"user_records\": [\"None\", \"5000\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_product_tag_inheritance\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"], \"disable_sla_breach_notifications\": [\"None\", \"False\"], \"async_updating\": [\"None\", \"False\"], \"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"3\"], \"name\": [\"None\", \"Apple Accounting Software\"], \"description\": [\"None\", \"Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. 
Among the most common are:\\r\\n\\r\\n**Core modules**\\r\\n\\r\\n* Accounts receivable\\u2014where the company enters money received\\r\\n* Accounts payable\\u2014where the company enters its bills and pays money it owes\\r\\n* General ledger\\u2014the company's \\\"books\\\"\\r\\n* Billing\\u2014where the company produces invoices to clients/customers\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.195Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 7, - "fields": { - "content_type": [ - "dojo", - "engagement" - ], - "object_pk": "1", - "object_id": 1, - "object_repr": "Engagement 1: 1st Quarter Engagement (Jun 30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"1st Quarter Engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"id\": [\"None\", \"1\"], \"lead\": [\"None\", \"(product_manager)\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.224Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 8, - "fields": { - "content_type": [ - "dojo", - "engagement" - ], - "object_pk": "2", - "object_id": 2, - 
"object_repr": "Engagement 2: April Monthly Engagement (Jun 30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"April Monthly Engagement\"], \"description\": [\"None\", \"Requested by the team for regular manual checkup by the security team.\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"id\": [\"None\", \"2\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 09:15:49.870000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.247Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 9, - "fields": { - "content_type": [ - "dojo", - "engagement" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": "Engagement 3: weekly engagement (Jun 21, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"weekly engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-21\"], \"target_end\": [\"None\", \"2021-06-22\"], \"id\": [\"None\", \"3\"], \"lead\": [\"None\", \"(product_manager)\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": 
[\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.268Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 10, - "fields": { - "content_type": [ - "dojo", - "engagement" - ], - "object_pk": "4", - "object_id": 4, - "object_repr": "Engagement 4: Static Scan (Nov 03, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Static Scan\"], \"description\": [\"None\", \"Initial static scan for Bodgeit.\"], \"version\": [\"None\", \"v.1.2.0\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-10\"], \"id\": [\"None\", \"4\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 09:14:58.726000\"], \"created\": [\"None\", \"2021-11-04 09:01:00.647000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.290Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 
11, - "fields": { - "content_type": [ - "dojo", - "engagement" - ], - "object_pk": "6", - "object_id": 6, - "object_repr": "Engagement 6: Quarterly PCI Scan (Jan 19, 2022)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Quarterly PCI Scan\"], \"description\": [\"None\", \"Reccuring Quarterly Scan\"], \"target_start\": [\"None\", \"2022-01-19\"], \"target_end\": [\"None\", \"2022-01-26\"], \"id\": [\"None\", \"6\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 09:26:47.339000\"], \"created\": [\"None\", \"2021-11-04 09:25:29.380000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.311Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 12, - "fields": { - "content_type": [ - "dojo", - "engagement" - ], - "object_pk": "7", - "object_id": 7, - "object_repr": "Engagement 7: Ad Hoc Engagement (Nov 03, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Ad Hoc Engagement\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-03\"], \"id\": [\"None\", \"7\"], \"product\": [\"None\", \"Internal CRM App\"], \"updated\": [\"None\", \"2021-11-04 
09:36:15.136000\"], \"created\": [\"None\", \"2021-11-04 09:36:15.136000\"], \"active\": [\"None\", \"False\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.337Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 13, - "fields": { - "content_type": [ - "dojo", - "engagement" - ], - "object_pk": "8", - "object_id": 8, - "object_repr": "Engagement 8: Initial Assessment (Dec 20, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Initial Assessment\"], \"description\": [\"None\", \"This application needs to be assesed to determine the security posture.\"], \"version\": [\"None\", \"10.2.1\"], \"target_start\": [\"None\", \"2021-12-20\"], \"target_end\": [\"None\", \"2021-12-27\"], \"id\": [\"None\", \"8\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"Apple Accounting Software\"], \"updated\": [\"None\", \"2021-11-04 09:44:29.481000\"], \"created\": [\"None\", \"2021-11-04 09:42:51.116000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], 
\"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.358Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 14, - "fields": { - "content_type": [ - "dojo", - "engagement" - ], - "object_pk": "10", - "object_id": 10, - "object_repr": "Engagement 10: Multiple scanners (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Multiple scanners\"], \"description\": [\"None\", \"Example engagement with multiple scan types.\"], \"version\": [\"None\", \"1.2.1\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-04\"], \"id\": [\"None\", \"10\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 06:49:39.475000\"], \"created\": [\"None\", \"2021-11-05 06:44:35.773000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.380Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 15, - "fields": { - "content_type": [ - "dojo", - "engagement" - ], - "object_pk": "11", - "object_id": 11, - "object_repr": "Engagement 11: Manual PenTest (Dec 30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Manual PenTest\"], \"description\": [\"None\", \"Please do a manual pentest before our next release to prod.\"], \"version\": [\"None\", \"1.9.1\"], \"target_start\": [\"None\", \"2021-12-30\"], \"target_end\": [\"None\", \"2022-01-02\"], \"id\": [\"None\", \"11\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 06:55:42.622000\"], \"created\": [\"None\", \"2021-11-05 06:54:11.880000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Blocked\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.405Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 16, - "fields": { - "content_type": [ - "dojo", - "engagement" - ], - "object_pk": "12", - "object_id": 12, - "object_repr": "Engagement 12: CI/CD Baseline Security Test (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"CI/CD Baseline Security Test\"], \"description\": [\"None\", \"\"], \"version\": [\"None\", \"1.1.2\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-11\"], \"id\": [\"None\", \"12\"], \"lead\": [\"None\", \"(admin)\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 07:07:44.126000\"], \"created\": [\"None\", \"2021-11-05 07:06:26.136000\"], \"active\": [\"None\", \"False\"], \"tracker\": 
[\"None\", \"https://github.com/psiinon/bodgeit\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"CI/CD\"], \"build_id\": [\"None\", \"89\"], \"commit_hash\": [\"None\", \"b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6\"], \"branch_tag\": [\"None\", \"master\"], \"source_code_management_uri\": [\"None\", \"https://github.com/psiinon/bodgeit\"], \"deduplication_on_engagement\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.426Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 17, - "fields": { - "content_type": [ - "dojo", - "engagement" - ], - "object_pk": "13", - "object_id": 13, - "object_repr": "Engagement 13: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"AdHoc Import - Fri, 17 Aug 2018 18:20:55\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-04\"], \"id\": [\"None\", \"13\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-05 10:43:05.446000\"], \"created\": [\"None\", \"2021-11-05 10:43:05.446000\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"deduplication_on_engagement\": 
[\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.447Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 18, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "1", - "object_id": 1, - "object_repr": "http://127.0.0.1//endpoint/420/edit/", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"1\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"80\"], \"path\": [\"None\", \"/endpoint/420/edit/\"], \"product\": [\"None\", \"Internal CRM App\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.470Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 19, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "2", - "object_id": 2, - "object_repr": "ftp://localhost//", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"2\"], \"protocol\": [\"None\", \"ftp\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"21\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.478Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 20, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": "ssh://127.0.0.1", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"3\"], \"protocol\": [\"None\", \"ssh\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"22\"], \"product\": [\"None\", \"Apple 
Accounting Software\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.485Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 21, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "4", - "object_id": 4, - "object_repr": "http://localhost:8888//bodgeit/login.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"4\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/login.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.492Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 22, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "5", - "object_id": 5, - "object_repr": "127.0.0.1", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"5\"], \"host\": [\"None\", \"127.0.0.1\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.540Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 23, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "6", - "object_id": 6, - "object_repr": "http://localhost:8888//bodgeit/register.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"6\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", 
\"/bodgeit/register.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.548Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 24, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "7", - "object_id": 7, - "object_repr": "http://localhost:8888//bodgeit/password.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"7\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/password.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.554Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 25, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "8", - "object_id": 8, - "object_repr": "http://localhost:8888//bodgeit/", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"8\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.561Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 26, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "9", - "object_id": 9, - "object_repr": "http://localhost:8888//bodgeit/basket.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"id\": [\"None\", \"9\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/basket.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.568Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 27, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "10", - "object_id": 10, - "object_repr": "http://localhost:8888//bodgeit/advanced.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"10\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/advanced.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.575Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 28, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "11", - "object_id": 11, - "object_repr": "http://localhost:8888//bodgeit/admin.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"11\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/admin.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.581Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 29, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "12", - "object_id": 12, 
- "object_repr": "http://localhost:8888//bodgeit/about.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"12\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/about.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.588Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 30, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "13", - "object_id": 13, - "object_repr": "http://localhost:8888//bodgeit/contact.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"13\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/contact.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.595Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 31, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "14", - "object_id": 14, - "object_repr": "http://localhost:8888//bodgeit/home.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"14\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/home.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.601Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 32, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "15", - "object_id": 15, - "object_repr": "http://localhost:8888//bodgeit/product.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"15\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/product.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.608Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 33, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "16", - "object_id": 16, - "object_repr": "http://localhost:8888//bodgeit/score.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"16\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/score.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.614Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 34, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "17", - "object_id": 17, - "object_repr": "http://localhost:8888//bodgeit/search.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"17\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/search.jsp\"], \"product\": 
[\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.621Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 35, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "18", - "object_id": 18, - "object_repr": "http://localhost:8888//", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"18\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.628Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 36, - "fields": { - "content_type": [ - "dojo", - "endpoint" - ], - "object_pk": "19", - "object_id": 19, - "object_repr": "http://localhost:8888//bodgeit/logout.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"id\": [\"None\", \"19\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/logout.jsp\"], \"product\": [\"None\", \"BodgeIt\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.635Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 37, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 1: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"], \"target_start\": 
[\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"00:00:00\"], \"actual_time\": [\"None\", \"00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"id\": [\"None\", \"3\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.649Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 38, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "13", - "object_id": 13, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 2: April Monthly Engagement (Jun 30, 2021)\"], \"lead\": [\"None\", \"(product_manager)\"], \"test_type\": [\"None\", \"API Test\"], \"target_start\": [\"None\", \"2021-03-21 01:00:00\"], \"target_end\": [\"None\", \"2021-03-22 01:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"id\": [\"None\", \"13\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.660Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 39, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "14", - "object_id": 14, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 1: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"], \"target_start\": [\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"02:00:00\"], \"actual_time\": [\"None\", \"00:30:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"id\": [\"None\", \"14\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": 
null, - "timestamp": "2025-01-17T17:31:20.669Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 40, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "15", - "object_id": 15, - "object_repr": "Checkmarx Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 4: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Checkmarx Scan\"], \"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 09:01:30.563000\"], \"created\": [\"None\", \"2021-11-04 09:01:30.563000\"], \"id\": [\"None\", \"15\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.679Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 41, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "16", - "object_id": 16, - "object_repr": "Checkmarx Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 4: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Checkmarx Scan\"], \"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 09:03:25.139000\"], \"created\": [\"None\", \"2021-11-04 09:03:25.139000\"], \"id\": [\"None\", \"16\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.689Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 42, - "fields": { - "content_type": [ - "dojo", - "test" - ], - 
"object_pk": "18", - "object_id": 18, - "object_repr": "Qualys Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 6: Quarterly PCI Scan (Jan 19, 2022)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Qualys Scan\"], \"target_start\": [\"None\", \"2022-01-19 00:00:00\"], \"target_end\": [\"None\", \"2022-01-24 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:26:34.003000\"], \"created\": [\"None\", \"2021-11-04 09:25:46.327000\"], \"id\": [\"None\", \"18\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.699Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 43, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "19", - "object_id": 19, - "object_repr": "Pen Test", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 7: Ad Hoc Engagement (Nov 03, 2021)\"], \"test_type\": [\"None\", \"Pen Test\"], \"target_start\": [\"None\", \"2021-11-04 09:36:15.180000\"], \"target_end\": [\"None\", \"2021-11-04 09:36:15.180000\"], \"updated\": [\"None\", \"2021-11-04 09:36:15.180000\"], \"created\": [\"None\", \"2021-11-04 09:36:15.180000\"], \"id\": [\"None\", \"19\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.708Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 44, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "20", - "object_id": 20, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"API Test\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": 
[\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:43:09.101000\"], \"created\": [\"None\", \"2021-11-04 09:43:09.101000\"], \"id\": [\"None\", \"20\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.718Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 45, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "21", - "object_id": 21, - "object_repr": "Nmap Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Nmap Scan\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Staging\"], \"updated\": [\"None\", \"2021-11-04 09:43:23.410000\"], \"created\": [\"None\", \"2021-11-04 09:43:23.410000\"], \"id\": [\"None\", \"21\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.728Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 46, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "22", - "object_id": 22, - "object_repr": "Dependency Check Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Dependency Check Scan\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:43:41.711000\"], \"created\": [\"None\", \"2021-11-04 09:43:41.711000\"], \"id\": [\"None\", \"22\"], \"test\": [\"None\", 
\"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.738Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 47, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "23", - "object_id": 23, - "object_repr": "ZAP Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 8: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"ZAP Scan\"], \"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 09:44:01.815000\"], \"created\": [\"None\", \"2021-11-04 09:44:01.815000\"], \"id\": [\"None\", \"23\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.747Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 48, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "25", - "object_id": 25, - "object_repr": "Dependency Check Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 10: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Dependency Check Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 06:44:35.814000\"], \"created\": [\"None\", \"2021-11-05 06:44:35.814000\"], \"id\": [\"None\", \"25\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.757Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 49, - "fields": { - 
"content_type": [ - "dojo", - "test" - ], - "object_pk": "26", - "object_id": 26, - "object_repr": "VCG Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 10: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"VCG Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 06:46:06.450000\"], \"created\": [\"None\", \"2021-11-05 06:46:06.450000\"], \"id\": [\"None\", \"26\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.767Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 50, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "28", - "object_id": 28, - "object_repr": "Burp Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 10: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Burp Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 06:47:17.517000\"], \"created\": [\"None\", \"2021-11-05 06:47:17.518000\"], \"id\": [\"None\", \"28\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.777Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 51, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "29", - "object_id": 29, - "object_repr": "Manual Code Review", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", 
\"Engagement 11: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Manual Code Review\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-05 06:54:23.989000\"], \"created\": [\"None\", \"2021-11-05 06:54:23.989000\"], \"id\": [\"None\", \"29\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.787Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 52, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "30", - "object_id": 30, - "object_repr": "Pen Test", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 11: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Pen Test\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", \"Pre-prod\"], \"updated\": [\"None\", \"2021-11-05 06:54:35.499000\"], \"created\": [\"None\", \"2021-11-05 06:54:35.499000\"], \"id\": [\"None\", \"30\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.798Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 53, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "31", - "object_id": 31, - "object_repr": "Gosec Scanner", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 12: CI/CD Baseline Security Test (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Gosec Scanner\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", 
\"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 07:07:18.034000\"], \"created\": [\"None\", \"2021-11-05 07:07:18.034000\"], \"id\": [\"None\", \"31\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.808Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 54, - "fields": { - "content_type": [ - "dojo", - "test" - ], - "object_pk": "32", - "object_id": 32, - "object_repr": "Burp Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"Engagement 13: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)\"], \"lead\": [\"None\", \"(admin)\"], \"test_type\": [\"None\", \"Burp Scan\"], \"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-05 10:43:05.485000\"], \"created\": [\"None\", \"2021-11-05 10:43:05.485000\"], \"id\": [\"None\", \"32\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.818Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 55, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "2", - "object_id": 2, - "object_repr": "High Impact Test Finding", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62\"], \"id\": [\"None\", \"2\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"High Impact Test Finding\"], \"date\": [\"None\", \"2021-03-21\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.707000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.834Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 56, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": "High Impact Test Finding", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"id\": [\"None\", \"3\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"High Impact Test Finding\"], \"date\": [\"None\", \"2021-03-21\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": 
[\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.280000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.852Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 57, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "4", - "object_id": 4, - "object_repr": "High Impact Test Finding", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"id\": [\"None\", \"4\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"High Impact Test Finding\"], \"date\": [\"None\", \"2021-03-21\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API 
Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.297000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.867Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 58, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "5", - "object_id": 5, - "object_repr": "High Impact Test Finding", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"id\": [\"None\", \"5\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"High Impact Test Finding\"], \"date\": [\"None\", \"2021-03-21\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:12.850000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.882Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 59, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "6", - "object_id": 6, - "object_repr": "High Impact Test Finding", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"id\": [\"None\", \"6\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"High Impact Test Finding\"], \"date\": [\"None\", \"2021-03-21\"], \"sla_expiration_date\": [\"None\", \"2021-04-20\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": 
[\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.314000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.897Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 60, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "7", - "object_id": 7, - "object_repr": "Dummy Finding", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"hash_code\": [\"None\", \"c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0\"], \"id\": [\"None\", \"7\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Dummy Finding\"], \"date\": [\"None\", \"2021-03-20\"], \"sla_expiration_date\": [\"None\", \"2021-04-19\"], \"cwe\": [\"None\", \"1\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"http://www.example.com\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"TEST finding\"], \"mitigation\": [\"None\", \"MITIGATION\"], \"impact\": [\"None\", \"HIGH\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 
16:52:13.331000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"review_requested_by\": [\"None\", \"(product_manager)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(product_manager)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"1\"], \"reporter\": [\"None\", \"(product_manager)\"], \"numerical_severity\": [\"None\", \"S1\"], \"line\": [\"None\", \"100\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.913Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 61, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "8", - "object_id": 8, - "object_repr": "SQL Injection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:32.590000\"], \"hash_code\": [\"None\", \"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"id\": [\"None\", \"8\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 
7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.691000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:32.587000\"], \"last_reviewed_by\": [\"None\", 
\"(admin)\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.927Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 62, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "9", - "object_id": 9, - "object_repr": "Download of Code Without Integrity Check (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:32.769000\"], \"hash_code\": [\"None\", \"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"id\": [\"None\", \"9\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", 
\"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.758000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:32.763000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.942Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 63, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "10", - "object_id": 10, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:32.948000\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"id\": [\"None\", \"10\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"829\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], 
\"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.904000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:32.945000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.957Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 64, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "11", - "object_id": 11, - "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.124000\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"id\": [\"None\", \"11\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.527000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.122000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"134\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.972Z", - "additional_data": null - } 
-}, -{ - "model": "auditlog.logentry", - "pk": 65, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "12", - "object_id": 12, - "object_repr": "Improper Resource Shutdown or Release (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.268000\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"id\": [\"None\", \"12\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", 
\"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.331000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.265000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"25\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:20.986Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 66, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "13", - "object_id": 13, - "object_repr": "Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.438000\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"id\": [\"None\", \"13\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.484000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.435000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.032Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 67, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "14", - "object_id": 14, - "object_repr": "HttpOnlyCookies (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.602000\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"id\": [\"None\", \"14\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.422000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.599000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"46\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", 
\"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.050Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 68, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "15", - "object_id": 15, - "object_repr": "CGI Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.755000\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"id\": [\"None\", \"15\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 
354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.344000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.751000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.065Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 69, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "16", - "object_id": 16, - "object_repr": "Hardcoded Password in Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:33.905000\"], \"hash_code\": [\"None\", \"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], \"id\": [\"None\", \"16\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.192000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:33.902000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.082Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 70, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "17", - "object_id": 17, - "object_repr": "Client Insecure Randomness (encryption.js)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.060000\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"id\": [\"None\", \"17\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", 
\"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.380000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.056000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"127\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.097Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 71, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "18", - "object_id": 18, - "object_repr": "SQL Injection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.209000\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"id\": [\"None\", \"18\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High 
Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.659000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.206000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.112Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 72, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "19", - "object_id": 19, - "object_repr": "Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.373000\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"id\": [\"None\", 
\"19\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.772000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": 
[\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.370000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.128Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 73, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "20", - "object_id": 20, - "object_repr": "CGI Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.530000\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"id\": [\"None\", \"20\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.486000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.527000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.143Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 74, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "21", - "object_id": 21, - "object_repr": "Not Using a Random IV With CBC Mode (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.702000\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"id\": [\"None\", \"21\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Not Using a Random IV With CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"329\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.933000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.699000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.159Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 75, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "22", - "object_id": 22, - "object_repr": "Collapse of Data Into Unsafe Value (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:34.865000\"], \"hash_code\": [\"None\", 
\"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"id\": [\"None\", \"22\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Collapse of Data Into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"182\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 
37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.396000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:34.861000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.174Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 76, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "23", - "object_id": 23, - "object_repr": "Stored Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.040000\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"id\": [\"None\", \"23\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"646\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"last_status_update\": [\"None\", \"2025-01-17 16:52:18.227000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.037000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.189Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 77, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "24", - "object_id": 24, - "object_repr": "Hardcoded Password in Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.231000\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"id\": [\"None\", \"24\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.053000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.227000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.204Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 78, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "25", - "object_id": 25, - "object_repr": "Blind SQL Injections (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.388000\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"id\": [\"None\", \"25\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line 
Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.286000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.385000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], 
\"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.219Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 79, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "26", - "object_id": 26, - "object_repr": "Heap Inspection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.563000\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"id\": [\"None\", \"26\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.301000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.561000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"10\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.234Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 80, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "27", - "object_id": 27, - "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.729000\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"id\": [\"None\", \"27\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"338\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.640000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.724000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.248Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 81, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "28", - "object_id": 28, - "object_repr": "Trust Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:35.904000\"], \"hash_code\": [\"None\", 
\"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"id\": [\"None\", \"28\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"501\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = 
stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.577000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:35.900000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.263Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 82, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "29", - "object_id": 
29, - "object_repr": "Information Exposure Through an Error Message (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.151000\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"id\": [\"None\", \"29\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.542000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.147000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.278Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 83, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "30", - "object_id": 30, - "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.397000\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"id\": [\"None\", \"30\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": 
[\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where 
basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.041000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.394000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"280\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.297Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 84, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "31", - "object_id": 31, - "object_repr": "Empty Password in Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.586000\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"id\": [\"None\", \"31\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.642000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.583000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.320Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 85, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "32", - "object_id": 32, - "object_repr": "Improper Resource Access Authorization (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.781000\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"id\": [\"None\", \"32\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 
24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.977000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.777000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.340Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 86, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "33", - "object_id": 33, - "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:36.976000\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"id\": [\"None\", \"33\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", 
\"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.583000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:36.972000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.358Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 87, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "34", - 
"object_id": 34, - "object_repr": "Hardcoded Password in Connection String (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.211000\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"id\": [\"None\", \"34\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.145000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.206000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.375Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 88, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "35", - "object_id": 35, - "object_repr": "HttpOnlyCookies in Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.495000\"], \"hash_code\": [\"None\", 
\"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"id\": [\"None\", \"35\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies in Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.499000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.491000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - 
"timestamp": "2025-01-17T17:31:21.393Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 89, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "36", - "object_id": 36, - "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.702000\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"id\": [\"None\", \"36\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? 
this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.138000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.698000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"130\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.410Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 90, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "37", - "object_id": 37, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:37.894000\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"id\": [\"None\", \"37\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** response.addCookie(new 
Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.165000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:37.891000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.427Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 91, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "38", - "object_id": 38, - "object_repr": "CGI Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.083000\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"id\": [\"None\", \"38\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.328000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.079000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.446Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 92, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "39", - "object_id": 39, - "object_repr": "Suspected XSS (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.281000\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"id\": [\"None\", \"39\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.306000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.277000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.463Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 93, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "40", - "object_id": 40, - "object_repr": "Hardcoded Password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.499000\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"id\": [\"None\", \"40\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.989000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:01:38.495000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.480Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 94, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "41", - "object_id": 41, - "object_repr": "Hardcoded Password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.694000\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"id\": [\"None\", \"41\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.038000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.690000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.518Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 95, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "42", - "object_id": 42, - "object_repr": "Empty Password in Connection String (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:38.895000\"], \"hash_code\": [\"None\", 
\"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"id\": [\"None\", \"42\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.675000\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:38.891000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.535Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 96, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "43", - "object_id": 43, - "object_repr": "Download of Code Without Integrity Check (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.107000\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"id\": [\"None\", \"43\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.727000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.102000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.552Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 97, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "44", - "object_id": 44, - "object_repr": "Information Exposure Through an Error Message (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.298000\"], \"hash_code\": [\"None\", 
\"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"id\": [\"None\", \"44\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 
41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.686000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.295000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"41\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.568Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 98, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "45", - "object_id": 45, - "object_repr": "SQL Injection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.448000\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"id\": [\"None\", \"45\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) 
request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.628000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.444000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.585Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 99, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "46", - "object_id": 46, - "object_repr": "Empty Password in Connection 
String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.616000\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"id\": [\"None\", \"46\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx 
Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.443000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.613000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.601Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 100, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "47", - "object_id": 47, - "object_repr": "CGI Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:39.814000\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"id\": [\"None\", \"47\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.551000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:39.809000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.617Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 101, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "48", - "object_id": 48, - "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.005000\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"id\": [\"None\", \"48\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"315\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** 
basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.964000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.001000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.634Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 102, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "49", - "object_id": 49, - "object_repr": "Information Exposure Through an Error Message (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.176000\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"id\": [\"None\", \"49\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": [\"None\", 
\"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - 
Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.605000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.173000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"75\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.652Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 103, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "50", - "object_id": 50, - "object_repr": "Hardcoded Password in Connection String (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.355000\"], \"hash_code\": [\"None\", \"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"id\": [\"None\", \"50\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.958000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.351000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.669Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 104, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "51", - "object_id": 51, - "object_repr": "Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.539000\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], \"id\": [\"None\", \"51\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.724000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.535000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.685Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 105, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "52", - "object_id": 52, - "object_repr": "Download of Code Without Integrity Check (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.715000\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"id\": [\"None\", \"52\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": 
[\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.598000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.710000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.700Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 106, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "53", - "object_id": 53, - "object_repr": "Empty Password in Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:40.869000\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"id\": [\"None\", \"53\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.582000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:40.865000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.715Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 107, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "54", - "object_id": 54, - "object_repr": "Heap Inspection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.022000\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"id\": [\"None\", \"54\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.271000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.019000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"8\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.729Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 108, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "55", - "object_id": 55, - "object_repr": "Download of Code Without Integrity Check (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.178000\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"id\": [\"None\", \"55\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.820000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.175000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.744Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 109, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "56", - "object_id": 56, - "object_repr": "Session Fixation 
(AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.335000\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"id\": [\"None\", \"56\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"384\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.516000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.332000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.760Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 110, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "57", - "object_id": 57, - "object_repr": "Stored XSS (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.494000\"], \"hash_code\": [\"None\", \"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"id\": [\"None\", \"57\"], \"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 
392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.970000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.491000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.780Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 111, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "58", - "object_id": 58, - "object_repr": "Empty Password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.669000\"], \"hash_code\": [\"None\", 
\"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"id\": [\"None\", \"58\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.505000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.667000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.799Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 112, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "59", - "object_id": 59, - "object_repr": "Hardcoded Password in Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.820000\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"id\": [\"None\", \"59\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.084000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:41.817000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.816Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 113, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "60", - "object_id": 60, - "object_repr": "Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:41.972000\"], \"hash_code\": [\"None\", \"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"id\": [\"None\", \"60\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** 
comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.499000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 
09:01:41.970000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.835Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 114, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "61", - "object_id": 61, - "object_repr": "HttpOnlyCookies (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.130000\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"id\": [\"None\", \"61\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": 
[\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.376000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.127000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"38\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.852Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 115, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "62", - "object_id": 62, - "object_repr": "Download of Code Without Integrity Check (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.302000\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"id\": [\"None\", \"62\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java 
Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.836000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.298000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.867Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 116, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "63", - "object_id": 63, - "object_repr": "Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], 
\"created\": [\"None\", \"2021-11-04 09:01:42.457000\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"id\": [\"None\", \"63\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line 
Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.855000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.453000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.883Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 117, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "64", - "object_id": 64, - "object_repr": "Empty Password in Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.620000\"], \"hash_code\": [\"None\", \"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"id\": [\"None\", \"64\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", 
\"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.552000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.617000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.899Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 118, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "65", - "object_id": 65, - "object_repr": "Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.796000\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"id\": [\"None\", \"65\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** 
basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.547000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.793000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.914Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 119, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "66", - "object_id": 66, - "object_repr": "Improper Resource Access Authorization (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:42.956000\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"id\": [\"None\", \"66\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": 
[\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.025000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:42.953000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"42\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.930Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 120, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "67", - "object_id": 67, - "object_repr": "Download of Code Without Integrity Check (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.115000\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"id\": [\"None\", \"67\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.789000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], 
\"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.112000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.946Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 121, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "68", - "object_id": 68, - "object_repr": "Download of Code Without Integrity Check (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.269000\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"id\": [\"None\", \"68\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.881000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.267000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.962Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 122, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "69", - "object_id": 69, - "object_repr": "Improper Resource Access Authorization (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.431000\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"id\": [\"None\", \"69\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": 
[\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.831000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.428000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"55\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.977Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 123, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "70", - "object_id": 70, - "object_repr": "Race Condition Format Flaw (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.595000\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"id\": [\"None\", \"70\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"362\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.980000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.592000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"262\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:21.992Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 124, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "71", - "object_id": 71, - "object_repr": "Empty Password in Connection String (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.752000\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"id\": [\"None\", 
\"71\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.521000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.749000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", 
\"89\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.007Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 125, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "72", - "object_id": 72, - "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:43.931000\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"id\": [\"None\", \"72\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], 
\"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.785000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:43.927000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.021Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 126, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "73", - "object_id": 73, - "object_repr": "Suspected XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.091000\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"id\": [\"None\", \"73\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.274000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], 
\"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.088000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.036Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 127, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "74", - "object_id": 74, - "object_repr": "Use of Cryptographically Weak PRNG (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.250000\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"id\": [\"None\", \"74\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"338\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.670000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.247000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.051Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 128, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "75", - "object_id": 75, - "object_repr": "CGI Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.408000\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"id\": [\"None\", \"75\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.518000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.405000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.066Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 129, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "76", - "object_id": 76, - "object_repr": "Improper Resource Shutdown or Release (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.599000\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"id\": [\"None\", \"76\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": 
[\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.347000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.595000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", 
\"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.100Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 130, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "77", - "object_id": 77, - "object_repr": "Download of Code Without Integrity Check (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.798000\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"id\": [\"None\", \"77\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.680000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.794000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"87\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.122Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 131, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "78", - "object_id": 78, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:44.961000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"78\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 
352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.266000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:44.955000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.138Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 132, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "79", - "object_id": 79, - "object_repr": "Blind SQL Injections (login.jsp)", - "serialized_data": 
null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.167000\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"id\": [\"None\", \"79\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 
- Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.239000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.164000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.154Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 133, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "80", - "object_id": 80, - "object_repr": "Client DOM Open Redirect (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.338000\"], \"hash_code\": [\"None\", \"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"id\": [\"None\", \"80\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"601\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** location\\n**Number:** 
48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.334000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.335000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.171Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 134, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "81", - "object_id": 81, - "object_repr": "Hardcoded Password in Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.495000\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"id\": [\"None\", \"81\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.208000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.492000\"], 
\"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.189Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 135, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "82", - "object_id": 82, - "object_repr": "CGI Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.667000\"], \"hash_code\": [\"None\", \"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"id\": [\"None\", \"82\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + 
product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.407000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.664000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.207Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 136, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "83", - "object_id": 83, - "object_repr": "Use of Insufficiently Random Values (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.809000\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"id\": [\"None\", \"83\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", 
\"2020-02-15\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.793000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.806000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.224Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 137, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "84", - "object_id": 84, - "object_repr": "Missing X Frame Options (web.xml)", 
- "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:45.947000\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"id\": [\"None\", \"84\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"829\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.857000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:45.944000\"], \"last_reviewed_by\": 
[\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.240Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 138, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "85", - "object_id": 85, - "object_repr": "Reflected XSS All Clients (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.093000\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"id\": [\"None\", \"85\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 
357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.595000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.090000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"18\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.257Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 139, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "86", - "object_id": 86, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.242000\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"id\": [\"None\", \"86\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.149000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.239000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.273Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 140, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "87", - "object_id": 87, - "object_repr": "Information Exposure Through an Error Message (score.jsp)", - "serialized_data": null, - "action": 0, 
- "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.417000\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"id\": [\"None\", \"87\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - 
Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.810000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.413000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.289Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 141, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "88", - "object_id": 88, - "object_repr": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.582000\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"id\": [\"None\", \"88\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Hard Coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"321\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.718000\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.579000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"26\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.304Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 142, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "89", - "object_id": 89, - "object_repr": "Reliance on Cookies in a Decision (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.729000\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"id\": [\"None\", \"89\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.118000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.727000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.320Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 143, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "90", - "object_id": 90, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:46.883000\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"id\": [\"None\", \"90\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", 
\"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], 
\"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.823000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:46.880000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"68\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.335Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 144, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "91", - "object_id": 91, - "object_repr": "CGI Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.032000\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"id\": [\"None\", \"91\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.391000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.029000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.352Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 145, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "92", - "object_id": 92, - "object_repr": "Heap Inspection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.169000\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"id\": [\"None\", \"92\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.331000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.166000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"7\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.369Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 146, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - 
"object_pk": "93", - "object_id": 93, - "object_repr": "Improper Resource Shutdown or Release (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.314000\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"id\": [\"None\", \"93\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source 
Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.478000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.311000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.386Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 147, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "94", - "object_id": 94, - "object_repr": "Information Exposure Through an Error Message (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.459000\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"id\": [\"None\", \"94\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error 
Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 65\\n**Column:** 357\\n**Source Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.765000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.456000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"70\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.401Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 148, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "95", - "object_id": 95, - "object_repr": "Improper Resource Access Authorization (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.615000\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"id\": [\"None\", \"95\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.907000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.612000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": 
[\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.417Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 149, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "96", - "object_id": 96, - "object_repr": "CGI Stored XSS (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.776000\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"id\": [\"None\", \"96\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + 
\\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.439000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.772000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.434Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 150, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "97", - "object_id": 97, - "object_repr": "Blind SQL Injections (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:47.932000\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"id\": [\"None\", \"97\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source 
Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.222000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:47.928000\"], \"last_reviewed_by\": 
[\"None\", \"(admin)\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.450Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 151, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "98", - "object_id": 98, - "object_repr": "HttpOnlyCookies in Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.091000\"], \"hash_code\": [\"None\", \"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"id\": [\"None\", \"98\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies in Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.452000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.086000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.466Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 152, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "99", - "object_id": 99, - "object_repr": "Use of Hard Coded Cryptographic Key (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.247000\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"id\": [\"None\", \"99\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Hard Coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"321\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = 
Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.685000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.245000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.483Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 153, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "100", - "object_id": 100, - "object_repr": "Improper Resource Shutdown or Release (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.418000\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"id\": [\"None\", \"100\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.461000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.415000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.499Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 154, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "101", - "object_id": 101, - "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.575000\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"id\": [\"None\", \"101\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.251000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.572000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.515Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 155, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "102", - "object_id": 102, - "object_repr": "Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.732000\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"id\": [\"None\", \"102\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 
16:52:13.939000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.730000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.532Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 156, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "103", - "object_id": 103, - "object_repr": "Information Exposure Through an Error Message (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:48.890000\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"id\": [\"None\", \"103\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.589000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:48.887000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"65\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.549Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 157, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "104", - "object_id": 104, - "object_repr": "Improper Resource Access Authorization (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.061000\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"id\": [\"None\", \"104\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"last_status_update\": [\"None\", \"2025-01-17 16:52:17.107000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.057000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.566Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 158, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "105", - "object_id": 105, - "object_repr": "Improper Resource Access Authorization (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.230000\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"id\": [\"None\", \"105\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.892000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.227000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.582Z", - "additional_data": null - } -}, 
-{ - "model": "auditlog.logentry", - "pk": 159, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "106", - "object_id": 106, - "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.390000\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"id\": [\"None\", \"106\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = 
conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.168000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.387000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"40\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.598Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 160, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "107", - "object_id": 107, - "object_repr": "Information Exposure Through an Error Message (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.553000\"], 
\"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"id\": [\"None\", \"107\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.825000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.551000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"58\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.616Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 161, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "108", - "object_id": 108, - "object_repr": "Blind SQL Injections (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.698000\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"id\": [\"None\", \"108\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.318000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.693000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.633Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 162, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "109", - "object_id": 109, - "object_repr": "Reliance on Cookies in a Decision (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.847000\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"id\": [\"None\", \"109\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line 
Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.072000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.844000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"45\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.649Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 163, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "110", - "object_id": 110, - "object_repr": "Download of Code Without Integrity Check (search.jsp)", - 
"serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:49.992000\"], \"hash_code\": [\"None\", \"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"id\": [\"None\", \"110\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.897000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:49.989000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.666Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 164, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "111", - "object_id": 111, - "object_repr": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.133000\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"id\": [\"None\", \"111\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Unsynchronized Access to Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"567\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.338000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.130000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"93\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.682Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 165, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "112", - "object_id": 112, - "object_repr": "Empty Password in Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.272000\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"id\": [\"None\", \"112\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 
16:52:16.753000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.269000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.697Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 166, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "113", - "object_id": 113, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.425000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"113\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ 
page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) 
session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.249000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.422000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.713Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 167, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "114", - "object_id": 114, - "object_repr": "Improper Resource Access Authorization (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.583000\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"id\": [\"None\", \"114\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.091000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.580000\"], 
\"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.729Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 168, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "115", - "object_id": 115, - "object_repr": "Session Fixation (logout.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.757000\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"id\": [\"None\", \"115\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"384\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.561000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.754000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"3\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.745Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 169, - "fields": { - "content_type": [ - "dojo", - "finding" - ], 
- "object_pk": "116", - "object_id": 116, - "object_repr": "Hardcoded Password in Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:50.920000\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"id\": [\"None\", \"116\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.130000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:50.913000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.762Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 170, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "117", - "object_id": 117, - "object_repr": "Hardcoded Password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.100000\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"id\": [\"None\", \"117\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.926000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.097000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.778Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 171, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "118", - "object_id": 118, - "object_repr": "Improper Resource Access Authorization (login.jsp)", - "serialized_data": null, - "action": 0, - 
"changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.303000\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"id\": [\"None\", \"118\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.958000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.299000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.795Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 172, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "119", - "object_id": 119, - "object_repr": "Improper Resource Access Authorization (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.529000\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"id\": [\"None\", \"119\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.848000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.526000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"91\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.815Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 173, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "120", - "object_id": 120, - "object_repr": "Empty Password in Connection String (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.704000\"], \"hash_code\": [\"None\", \"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"id\": [\"None\", \"120\"], 
\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.706000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.700000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.830Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 174, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "121", - "object_id": 121, - "object_repr": "Improper Resource Shutdown or Release (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:51.884000\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"id\": [\"None\", \"121\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.397000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:51.881000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.848Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 175, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "122", - "object_id": 122, - "object_repr": "Improper Resource Shutdown or Release (product.jsp)", - "serialized_data": null, - "action": 
0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.056000\"], \"hash_code\": [\"None\", \"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"id\": [\"None\", \"122\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 
'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.414000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.052000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"97\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.865Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 176, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "123", - "object_id": 123, - "object_repr": "Empty Password in Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.205000\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"id\": [\"None\", \"123\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (login.jsp)\"], \"date\": [\"None\", 
\"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.613000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.202000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.882Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 177, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "124", - 
"object_id": 124, - "object_repr": "Information Exposure Through an Error Message (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.350000\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"id\": [\"None\", \"124\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.718000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.347000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"63\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.899Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 178, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "125", - "object_id": 125, - "object_repr": "Use of Insufficiently Random Values (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.512000\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"id\": [\"None\", \"125\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.763000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.508000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.916Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 179, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "126", - "object_id": 126, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.665000\"], 
\"hash_code\": [\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"id\": [\"None\", \"126\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.806000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.662000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.932Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 180, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "127", - "object_id": 127, - "object_repr": "HttpOnlyCookies (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.806000\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"id\": [\"None\", \"127\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], 
\"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.407000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:01:52.803000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"35\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.949Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 181, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "128", - "object_id": 128, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:52.969000\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"id\": [\"None\", \"128\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], 
\"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.196000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:52.966000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"61\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.965Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 182, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "129", - "object_id": 129, - "object_repr": "Information Exposure Through an Error Message (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.115000\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"id\": [\"None\", \"129\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper 
error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.638000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.112000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"99\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.980Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 183, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "130", - "object_id": 130, - "object_repr": "Race Condition Format Flaw (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.272000\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"id\": [\"None\", \"130\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"362\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.011000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.269000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"51\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:22.996Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 184, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "131", - "object_id": 131, - "object_repr": "Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.428000\"], \"hash_code\": [\"None\", 
\"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"id\": [\"None\", \"131\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line 
Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.904000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.424000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.012Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 185, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "132", - "object_id": 132, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.606000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"132\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or 
Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * 
FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.218000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.603000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], 
\"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.031Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 186, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "133", - "object_id": 133, - "object_repr": "Heap Inspection (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.772000\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"id\": [\"None\", \"133\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", 
\"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.255000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.769000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.048Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 187, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "134", - "object_id": 134, - "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:53.918000\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"id\": [\"None\", \"134\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", 
\"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 
37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.281000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:53.915000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.065Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 188, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "135", - "object_id": 135, - "object_repr": "Empty Password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.071000\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"id\": [\"None\", \"135\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], 
\"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.473000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.068000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.081Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 189, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "136", - "object_id": 136, - "object_repr": "Information Exposure Through an Error Message (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.219000\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"id\": [\"None\", \"136\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.733000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.216000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"98\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.097Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 190, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "137", - "object_id": 137, - "object_repr": "XSRF (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.406000\"], \"hash_code\": [\"None\", \"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"id\": [\"None\", \"137\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"352\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery 
(CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 
399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.841000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:01:54.403000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.113Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 191, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "138", - "object_id": 138, - "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.584000\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"id\": [\"None\", \"138\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.632000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.581000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.131Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 192, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "139", - "object_id": 139, - "object_repr": "Improper Resource Access Authorization (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:01:54.769000\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"id\": [\"None\", \"139\"], \"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.056000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:01:54.760000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.149Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 193, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "140", - "object_id": 140, - "object_repr": "SQL Injection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.312000\"], \"hash_code\": [\"None\", \"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"id\": [\"None\", \"140\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.706000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.309000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.166Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 194, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "141", - "object_id": 141, - "object_repr": "Download of Code Without Integrity Check (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.478000\"], \"hash_code\": [\"None\", \"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"id\": [\"None\", \"141\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.743000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.476000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.182Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 195, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "142", - "object_id": 142, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.650000\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"id\": [\"None\", \"142\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": 
[\"None\", \"829\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.873000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.647000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.199Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 196, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "143", - "object_id": 143, - "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-04 09:03:27.832000\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"id\": [\"None\", \"143\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.510000\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.829000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"134\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.216Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 197, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "144", - "object_id": 144, - "object_repr": "Improper Resource Shutdown or Release (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:27.993000\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"id\": [\"None\", \"144\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM 
Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.315000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:27.990000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"25\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.232Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 198, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "145", - "object_id": 145, - "object_repr": "Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.179000\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"id\": 
[\"None\", \"145\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.470000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.177000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.248Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 199, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "146", - "object_id": 146, - "object_repr": "HttpOnlyCookies (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.355000\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"id\": [\"None\", \"146\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.437000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.351000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"46\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", 
- "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.263Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 200, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "147", - "object_id": 147, - "object_repr": "CGI Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.525000\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"id\": [\"None\", \"147\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source 
Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.359000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.522000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.281Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 201, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "148", - "object_id": 148, - "object_repr": "Hardcoded Password in Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.692000\"], \"hash_code\": [\"None\", \"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], \"id\": [\"None\", \"148\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.175000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], 
\"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.689000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.297Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 202, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "149", - "object_id": 149, - "object_repr": "Client Insecure Randomness (encryption.js)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:28.867000\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"id\": [\"None\", \"149\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], 
\"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.365000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:28.864000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"127\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.312Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 203, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "150", - "object_id": 150, - "object_repr": "SQL Injection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.039000\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"id\": [\"None\", \"150\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** 
Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.675000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.036000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.328Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 204, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "151", - "object_id": 151, - "object_repr": "Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.194000\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"id\": 
[\"None\", \"151\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"
\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.756000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.190000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.344Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 205, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "152", - "object_id": 152, - "object_repr": "CGI Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.361000\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"id\": [\"None\", \"152\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 
29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.470000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.358000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.360Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 206, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "153", - "object_id": 153, - "object_repr": "Not Using a 
Random IV With CBC Mode (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.549000\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"id\": [\"None\", \"153\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Not Using a Random IV With CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"329\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.919000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", 
\"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.547000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.377Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 207, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "154", - "object_id": 154, - "object_repr": "Collapse of Data Into Unsafe Value (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.701000\"], \"hash_code\": [\"None\", \"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"id\": [\"None\", \"154\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Collapse of Data Into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"182\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 
352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.411000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.698000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.392Z", - "additional_data": 
null - } -}, -{ - "model": "auditlog.logentry", - "pk": 208, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "155", - "object_id": 155, - "object_repr": "Stored Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.850000\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"id\": [\"None\", \"155\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"646\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + 
rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.244000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.848000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.409Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 209, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "156", - "object_id": 156, - "object_repr": "Hardcoded Password in Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:29.992000\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"id\": [\"None\", \"156\"], 
\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": 
[\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.069000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:29.989000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.428Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 210, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "157", - "object_id": 157, - "object_repr": "Blind SQL Injections (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.139000\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"id\": [\"None\", \"157\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.270000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.136000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.447Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 211, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "158", - "object_id": 158, - "object_repr": "Heap Inspection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.281000\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"id\": 
[\"None\", \"158\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.316000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.279000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"10\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - 
"remote_addr": null, - "timestamp": "2025-01-17T17:31:23.464Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 212, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "159", - "object_id": 159, - "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.451000\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"id\": [\"None\", \"159\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"338\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], 
\"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.624000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.448000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.481Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 213, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "160", - "object_id": 160, - "object_repr": "Trust Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.598000\"], \"hash_code\": [\"None\", \"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"id\": [\"None\", \"160\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"501\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.593000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.594000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.497Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 214, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "161", - "object_id": 161, - "object_repr": "Information Exposure Through an Error Message (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.754000\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"id\": [\"None\", \"161\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.557000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.751000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.513Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 215, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "162", - "object_id": 162, - "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:30.913000\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"id\": [\"None\", \"162\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": 
[\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where 
basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.056000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:30.910000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"280\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.531Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 216, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "163", - "object_id": 163, - "object_repr": "Empty Password in Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.075000\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"id\": [\"None\", \"163\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.658000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.073000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.549Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 217, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "164", - "object_id": 164, - "object_repr": "Improper Resource Access Authorization (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.228000\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"id\": [\"None\", \"164\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 
24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.993000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.225000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.566Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 218, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "165", - "object_id": 165, - "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.382000\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"id\": [\"None\", \"165\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", 
\"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.567000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.379000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.583Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 219, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "166", - 
"object_id": 166, - "object_repr": "Hardcoded Password in Connection String (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.524000\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"id\": [\"None\", \"166\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.160000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.520000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.598Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 220, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "167", - "object_id": 167, - "object_repr": "HttpOnlyCookies in Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.675000\"], \"hash_code\": [\"None\", 
\"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"id\": [\"None\", \"167\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies in Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.484000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.672000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - 
"timestamp": "2025-01-17T17:31:23.614Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 221, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "168", - "object_id": 168, - "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.824000\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"id\": [\"None\", \"168\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? 
this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.153000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.821000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"130\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.632Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 222, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "169", - "object_id": 169, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:31.976000\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"id\": [\"None\", \"169\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** 
response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.181000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:31.973000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.648Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 223, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "170", - "object_id": 170, - "object_repr": "CGI Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.130000\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"id\": [\"None\", \"170\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.313000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.127000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.665Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 224, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "171", - "object_id": 171, - "object_repr": "Suspected XSS (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.275000\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"id\": [\"None\", \"171\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": 
[\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.291000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.272000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.681Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 225, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "172", - "object_id": 172, - "object_repr": "Hardcoded Password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.427000\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"id\": [\"None\", \"172\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.006000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": 
[\"None\", \"2021-11-04 09:03:32.424000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.696Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 226, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "173", - "object_id": 173, - "object_repr": "Hardcoded Password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.579000\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"id\": [\"None\", \"173\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.022000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.576000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.712Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 227, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "174", - "object_id": 174, - "object_repr": "Empty Password in Connection String (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.750000\"], \"hash_code\": 
[\"None\", \"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"id\": [\"None\", \"174\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.691000\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.746000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.727Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 228, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "175", - "object_id": 175, - "object_repr": "Download of Code Without Integrity Check (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:32.910000\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"id\": [\"None\", \"175\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access 
control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.711000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:32.906000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.745Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 229, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "176", - "object_id": 176, - "object_repr": "Information Exposure Through an Error Message (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.073000\"], \"hash_code\": [\"None\", 
\"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"id\": [\"None\", \"176\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** 
e\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.670000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.071000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"41\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.762Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 230, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "177", - "object_id": 177, - "object_repr": "SQL Injection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.230000\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"id\": [\"None\", \"177\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) 
request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.644000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.227000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.794Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 231, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "178", - "object_id": 178, - "object_repr": "Empty Password in Connection 
String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.396000\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"id\": [\"None\", \"178\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx 
Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.427000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.392000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.815Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 232, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "179", - "object_id": 179, - "object_repr": "CGI Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.589000\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"id\": [\"None\", \"179\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site 
Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.535000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.583000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.832Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 233, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "180", - "object_id": 180, - "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.758000\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"id\": [\"None\", \"180\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"315\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** 
basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.948000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.755000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.849Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 234, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "181", - "object_id": 181, - "object_repr": "Information Exposure Through an Error Message (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:33.921000\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"id\": [\"None\", \"181\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": 
[\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.622000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:33.917000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"75\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.865Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 235, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "182", - "object_id": 182, - "object_repr": "Hardcoded Password in Connection String (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.101000\"], \"hash_code\": [\"None\", \"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"id\": [\"None\", \"182\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.974000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", 
\"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.096000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.883Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 236, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "183", - "object_id": 183, - "object_repr": "Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.261000\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], \"id\": [\"None\", \"183\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.741000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", 
\"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.258000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.900Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 237, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "184", - "object_id": 184, - "object_repr": "Download of Code Without Integrity Check (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.457000\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"id\": [\"None\", \"184\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.615000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.454000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.917Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 238, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "185", - "object_id": 185, - "object_repr": "Empty Password in Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.632000\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"id\": [\"None\", \"185\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.597000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.627000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.933Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 239, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "186", - "object_id": 186, - "object_repr": "Heap Inspection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.811000\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"id\": [\"None\", \"186\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.286000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.807000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"8\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.948Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 240, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "187", - "object_id": 187, - "object_repr": "Download of Code Without Integrity Check (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:34.992000\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"id\": [\"None\", \"187\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.804000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:34.989000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.965Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 241, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "188", - "object_id": 188, - "object_repr": "Session Fixation 
(AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.146000\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"id\": [\"None\", \"188\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"384\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.531000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.143000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.981Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 242, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "189", - "object_id": 189, - "object_repr": "Stored XSS (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.308000\"], \"hash_code\": [\"None\", \"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"id\": [\"None\", \"189\"], \"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 
392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.955000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.305000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:23.998Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 243, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "190", - "object_id": 190, - "object_repr": "Empty Password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.488000\"], \"hash_code\": [\"None\", 
\"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"id\": [\"None\", \"190\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.489000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.484000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.014Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 244, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "191", - "object_id": 191, - "object_repr": "Hardcoded Password in Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.655000\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"id\": [\"None\", \"191\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.099000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.652000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.030Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 245, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "192", - "object_id": 192, - "object_repr": "Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.814000\"], \"hash_code\": [\"None\", \"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"id\": [\"None\", \"192\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** 
comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.515000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 
09:03:35.811000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.046Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 246, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "193", - "object_id": 193, - "object_repr": "HttpOnlyCookies (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:35.984000\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"id\": [\"None\", \"193\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": 
[\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.361000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:35.980000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"38\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.063Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 247, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "194", - "object_id": 194, - "object_repr": "Download of Code Without Integrity Check (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.152000\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"id\": [\"None\", \"194\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java 
Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.851000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.148000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.079Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 248, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "195", - "object_id": 195, - "object_repr": "Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], 
\"created\": [\"None\", \"2021-11-04 09:03:36.364000\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"id\": [\"None\", \"195\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line 
Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.870000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.359000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.159Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 249, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "196", - "object_id": 196, - "object_repr": "Empty Password in Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.557000\"], \"hash_code\": [\"None\", \"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"id\": [\"None\", \"196\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", 
\"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.567000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.552000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.175Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 250, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "197", - "object_id": 197, - "object_repr": "Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.760000\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"id\": [\"None\", \"197\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 
51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.563000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.756000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.191Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 251, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "198", - "object_id": 198, - "object_repr": "Improper Resource Access Authorization (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:36.944000\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"id\": [\"None\", \"198\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": 
[\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.009000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:36.938000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"42\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.207Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 252, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "199", - "object_id": 199, - "object_repr": "Download of Code Without Integrity Check (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.131000\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"id\": [\"None\", \"199\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.773000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.127000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.222Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 253, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "200", - "object_id": 200, - "object_repr": "Download of Code Without Integrity Check (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.335000\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"id\": [\"None\", \"200\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.866000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.333000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.238Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 254, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "201", - "object_id": 201, - "object_repr": "Improper Resource Access Authorization (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.529000\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"id\": [\"None\", \"201\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": 
[\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.815000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.526000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"55\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.254Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 255, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "202", - "object_id": 202, - "object_repr": "Race Condition Format Flaw (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.704000\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"id\": [\"None\", \"202\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"362\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.995000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.701000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"262\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.271Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 256, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "203", - "object_id": 203, - "object_repr": "Empty Password in Connection String (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:37.904000\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"id\": [\"None\", 
\"203\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.536000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:37.900000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", 
\"89\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.287Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 257, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "204", - "object_id": 204, - "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.097000\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"id\": [\"None\", \"204\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], 
\"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.769000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.093000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.303Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 258, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "205", - "object_id": 205, - "object_repr": "Suspected XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.273000\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"id\": [\"None\", \"205\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.260000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], 
\"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.265000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.319Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 259, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "206", - "object_id": 206, - "object_repr": "Use of Cryptographically Weak PRNG (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.494000\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"id\": [\"None\", \"206\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"338\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.655000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.480000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.335Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 260, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "207", - "object_id": 207, - "object_repr": "CGI Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.726000\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"id\": [\"None\", \"207\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.501000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.720000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.351Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 261, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "208", - "object_id": 208, - "object_repr": "Improper Resource Shutdown or Release (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:38.922000\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"id\": [\"None\", \"208\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": 
[\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.363000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:38.918000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", 
\"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.368Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 262, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "209", - "object_id": 209, - "object_repr": "Download of Code Without Integrity Check (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.098000\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"id\": [\"None\", \"209\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.695000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.095000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"87\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.384Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 263, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "210", - "object_id": 210, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.259000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"210\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 
352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.234000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.256000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.401Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 264, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "211", - "object_id": 211, - "object_repr": "Blind SQL Injections (login.jsp)", - "serialized_data": 
null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.465000\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"id\": [\"None\", \"211\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 
6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.255000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": 
[\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.461000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.417Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 265, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "212", - "object_id": 212, - "object_repr": "Client DOM Open Redirect (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.630000\"], \"hash_code\": [\"None\", \"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"id\": [\"None\", \"212\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"601\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** 
location\\n**Number:** 48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.350000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.627000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.433Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 266, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "213", - "object_id": 213, - "object_repr": "Hardcoded Password in Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.787000\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"id\": [\"None\", \"213\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": 
[\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.224000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.784000\"], 
\"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.448Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 267, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "214", - "object_id": 214, - "object_repr": "CGI Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:39.936000\"], \"hash_code\": [\"None\", \"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"id\": [\"None\", \"214\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + 
product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.423000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:39.933000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.463Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 268, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "215", - "object_id": 215, - "object_repr": "Use of Insufficiently Random Values (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.133000\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"id\": [\"None\", \"215\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", 
\"2020-02-15\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.809000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.129000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.478Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 269, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "216", - "object_id": 216, - "object_repr": "Missing X Frame Options (web.xml)", 
- "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.291000\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"id\": [\"None\", \"216\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"829\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.889000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.288000\"], \"last_reviewed_by\": [\"None\", 
\"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.493Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 270, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "217", - "object_id": 217, - "object_repr": "Reflected XSS All Clients (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.455000\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"id\": [\"None\", \"217\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 
357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.578000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.452000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"18\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.509Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 271, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "218", - "object_id": 218, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.624000\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"id\": [\"None\", \"218\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.134000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.621000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.524Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 272, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "219", - "object_id": 219, - "object_repr": "Information Exposure Through an Error Message (score.jsp)", - "serialized_data": null, - "action": 0, 
- "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.780000\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"id\": [\"None\", \"219\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - 
Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.795000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.777000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.538Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 273, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "220", - "object_id": 220, - "object_repr": "Use of Hard Coded Cryptographic Key (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:40.990000\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"id\": [\"None\", \"220\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Hard Coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"321\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.732000\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:40.984000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"26\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.553Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 274, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "221", - "object_id": 221, - "object_repr": "Reliance on Cookies in a Decision (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.162000\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"id\": [\"None\", \"221\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.103000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.158000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.568Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 275, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "222", - "object_id": 222, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.406000\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"id\": [\"None\", \"222\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", 
\"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], 
\"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.839000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.402000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"68\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.583Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 276, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "223", - "object_id": 223, - "object_repr": "CGI Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.600000\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"id\": [\"None\", \"223\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.375000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.596000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.598Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 277, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "224", - "object_id": 224, - "object_repr": "Heap Inspection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.772000\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"id\": [\"None\", \"224\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.345000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.769000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"7\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.613Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 278, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - 
"object_pk": "225", - "object_id": 225, - "object_repr": "Improper Resource Shutdown or Release (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:41.947000\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"id\": [\"None\", \"225\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source 
Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.493000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:41.944000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.628Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 279, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "226", - "object_id": 226, - "object_repr": "Information Exposure Through an Error Message (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.129000\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"id\": [\"None\", \"226\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error 
Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 65\\n**Column:** 357\\n**Source Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.780000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.126000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"70\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.643Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 280, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "227", - "object_id": 227, - "object_repr": "Improper Resource Access Authorization (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.301000\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"id\": [\"None\", \"227\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.922000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.296000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": 
[\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.658Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 281, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "228", - "object_id": 228, - "object_repr": "CGI Stored XSS (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.482000\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"id\": [\"None\", \"228\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + 
\\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.455000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.479000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.674Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 282, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "229", - "object_id": 229, - "object_repr": "Blind SQL Injections (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.670000\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"id\": [\"None\", \"229\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source 
Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.204000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.667000\"], \"last_reviewed_by\": 
[\"None\", \"(admin)\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.689Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 283, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "230", - "object_id": 230, - "object_repr": "HttpOnlyCookies in Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:42.875000\"], \"hash_code\": [\"None\", \"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"id\": [\"None\", \"230\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies in Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", 
\"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.469000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:42.855000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.705Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 284, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "231", - "object_id": 231, - "object_repr": "Use of Hard Coded Cryptographic Key (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:43.252000\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"id\": [\"None\", \"231\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Hard Coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"321\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = 
Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.702000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:43.249000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.720Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 285, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "232", - "object_id": 232, - "object_repr": "Improper Resource Shutdown or Release (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:43.521000\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"id\": [\"None\", \"232\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.445000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:43.516000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.735Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 286, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "233", - "object_id": 233, - "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:43.816000\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"id\": [\"None\", \"233\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.266000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:43.811000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.750Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 287, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "234", - "object_id": 234, - "object_repr": "Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.090000\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"id\": [\"None\", \"234\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", 
\"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.922000\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.082000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.765Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 288, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "235", - "object_id": 235, - "object_repr": "Information Exposure Through an Error Message (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.309000\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"id\": [\"None\", \"235\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.573000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.305000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"65\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.780Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 289, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "236", - "object_id": 236, - "object_repr": "Improper Resource Access Authorization (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.506000\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"id\": [\"None\", \"236\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"last_status_update\": [\"None\", \"2025-01-17 16:52:17.123000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.500000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.795Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 290, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "237", - "object_id": 237, - "object_repr": "Improper Resource Access Authorization (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.703000\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"id\": [\"None\", \"237\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.876000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.700000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.810Z", - "additional_data": null - } -}, -{ 
- "model": "auditlog.logentry", - "pk": 291, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "238", - "object_id": 238, - "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:44.936000\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"id\": [\"None\", \"238\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = 
conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.185000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:44.930000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"40\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.826Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 292, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "239", - "object_id": 239, - "object_repr": "Information Exposure Through an Error Message (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.150000\"], 
\"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"id\": [\"None\", \"239\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.841000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.147000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"58\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.841Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 293, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "240", - "object_id": 240, - "object_repr": "Blind SQL Injections (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.387000\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"id\": [\"None\", \"240\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.302000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.382000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.856Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 294, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "241", - "object_id": 241, - "object_repr": "Reliance on Cookies in a Decision (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.588000\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"id\": [\"None\", \"241\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"784\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line 
Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.087000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.583000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"45\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.871Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 295, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "242", - "object_id": 242, - "object_repr": "Download of Code Without Integrity Check (search.jsp)", - "serialized_data": 
null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:45.816000\"], \"hash_code\": [\"None\", \"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"id\": [\"None\", \"242\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.911000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:45.806000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.886Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 296, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "243", - "object_id": 243, - "object_repr": "Unsynchronized Access to Shared Data (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.040000\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"id\": [\"None\", \"243\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Unsynchronized Access to Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"567\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.322000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.034000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"93\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.901Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 297, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "244", - "object_id": 244, - "object_repr": "Empty Password in Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.325000\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"id\": [\"None\", \"244\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.738000\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.316000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.916Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 298, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "245", - "object_id": 245, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.571000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"245\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) 
session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.201000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.567000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.931Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 299, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "246", - "object_id": 246, - "object_repr": "Improper Resource Access Authorization (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:46.801000\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"id\": [\"None\", \"246\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.074000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:46.793000\"], 
\"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.947Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 300, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "247", - "object_id": 247, - "object_repr": "Session Fixation (logout.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.007000\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"id\": [\"None\", \"247\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"384\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.546000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.002000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"3\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.963Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 301, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - 
"object_pk": "248", - "object_id": 248, - "object_repr": "Hardcoded Password in Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.229000\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"id\": [\"None\", \"248\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.115000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.225000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.977Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 302, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "249", - "object_id": 249, - "object_repr": "Hardcoded Password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.445000\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"id\": [\"None\", \"249\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Hardcoded Password in Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"547\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.942000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.440000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:24.992Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 303, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "250", - "object_id": 250, - "object_repr": "Improper Resource Access Authorization (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.662000\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"id\": [\"None\", \"250\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** PCI 
DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.938000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.659000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.007Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 304, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "251", - "object_id": 251, - "object_repr": "Improper Resource Access Authorization (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:47.867000\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"id\": [\"None\", \"251\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 
14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.862000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:47.864000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"91\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.025Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 305, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "252", - "object_id": 252, - "object_repr": "Empty Password in Connection String (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.018000\"], \"hash_code\": [\"None\", \"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"id\": [\"None\", \"252\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.722000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.015000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.040Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 306, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "253", - "object_id": 253, - "object_repr": "Improper Resource Shutdown or Release (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.175000\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"id\": [\"None\", \"253\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = 
conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.380000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.171000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.055Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 307, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "254", - "object_id": 254, - "object_repr": "Improper Resource Shutdown or Release (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.382000\"], \"hash_code\": [\"None\", \"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"id\": [\"None\", \"254\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", 
\"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": 
[\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.429000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.378000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"97\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.071Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 308, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "255", - "object_id": 255, - "object_repr": "Empty Password in Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.563000\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"id\": [\"None\", \"255\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session 
Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.628000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.560000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.086Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 309, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "256", - "object_id": 256, - "object_repr": "Information Exposure Through an Error Message (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.761000\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"id\": [\"None\", \"256\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information 
Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.702000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.755000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"63\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.101Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 310, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "257", - "object_id": 257, - "object_repr": "Use of Insufficiently Random Values (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:48.957000\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"id\": [\"None\", \"257\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": 
[\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.748000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:48.954000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.117Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 311, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "258", - "object_id": 258, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.162000\"], \"hash_code\": 
[\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"id\": [\"None\", \"258\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.788000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:49.157000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.132Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 312, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "259", - "object_id": 259, - "object_repr": "HttpOnlyCookies (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.539000\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"id\": [\"None\", \"259\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], 
\"cwe\": [\"None\", \"10706\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.391000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:03:49.535000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"35\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.146Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 313, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "260", - "object_id": 260, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.721000\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"id\": [\"None\", \"260\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"614\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], 
\"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.211000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:49.716000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"61\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.161Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 314, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "261", - "object_id": 261, - "object_repr": "Information Exposure Through an Error Message (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:49.927000\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"id\": [\"None\", \"261\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper 
error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.654000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:49.923000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"99\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.176Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 315, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "262", - "object_id": 262, - "object_repr": "Race Condition Format Flaw (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.136000\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"id\": [\"None\", \"262\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"362\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.026000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.131000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"51\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.190Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 316, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "263", - "object_id": 263, - "object_repr": "Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.351000\"], \"hash_code\": [\"None\", 
\"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"id\": [\"None\", \"263\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line 
Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.887000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.345000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.205Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 317, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "264", - "object_id": 264, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.575000\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"id\": [\"None\", \"264\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or 
Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * 
FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.282000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.571000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], 
\"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.222Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 318, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "265", - "object_id": 265, - "object_repr": "Heap Inspection (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.779000\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"id\": [\"None\", \"265\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"244\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", 
\"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.240000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.772000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.237Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 319, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "266", - "object_id": 266, - "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:50.992000\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"id\": [\"None\", \"266\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", 
\"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 
37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.298000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:50.988000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.252Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 320, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "267", - "object_id": 267, - "object_repr": "Empty Password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.212000\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"id\": [\"None\", \"267\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Empty Password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], 
\"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"259\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.458000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.206000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.267Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 321, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "268", - "object_id": 268, - "object_repr": "Information Exposure Through an Error Message (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.383000\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"id\": [\"None\", \"268\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"209\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.749000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.380000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"98\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.282Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 322, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "269", - "object_id": 269, - "object_repr": "XSRF (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.544000\"], \"hash_code\": [\"None\", \"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"id\": [\"None\", \"269\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"352\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], 
\"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery 
(CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 
399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.824000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-04 09:03:51.541000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.297Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 323, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "270", - "object_id": 270, - "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.721000\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"id\": [\"None\", \"270\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.648000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.719000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.313Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 324, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "271", - "object_id": 271, - "object_repr": "Improper Resource Access Authorization (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:51.877000\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"id\": [\"None\", \"271\"], \"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], 
\"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.041000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:51.872000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.328Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 325, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "272", - "object_id": 272, - "object_repr": "Download of Code Without Integrity Check (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.049000\"], \"hash_code\": [\"None\", \"f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e\"], \"id\": [\"None\", \"272\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"494\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\\n\\n**Line Number:** 1\\n**Column:** 680\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.664000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.046000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-17T17:31:25.343Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 326, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "273", - "object_id": 273, - "object_repr": "Improper Resource Access Authorization (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.209000\"], \"hash_code\": [\"None\", \"5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099\"], \"id\": [\"None\", \"273\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken 
Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\\n\\n**Line Number:** 12\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 12\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.800000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.205000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"12\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-17T17:31:25.358Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 327, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "274", - "object_id": 274, - "object_repr": "Use of Cryptographically Weak PRNG (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.388000\"], \"hash_code\": [\"None\", \"39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2\"], \"id\": [\"None\", \"274\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"338\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"last_status_update\": [\"None\", \"2025-01-17 16:52:15.609000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.385000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.373Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 328, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "275", - "object_id": 275, - "object_repr": "Improper Resource Shutdown or Release (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.571000\"], \"hash_code\": [\"None\", \"82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b\"], \"id\": [\"None\", \"275\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-03-16\"], \"cwe\": [\"None\", \"404\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\\n\\n**Category:** \\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\\n\\n**Line Number:** 24\\n**Column:** 377\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 398\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 27\\n**Code:** stmt.setString(1, username);\\n-----\\n**Line Number:** 28\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 28\\n**Code:** stmt.setString(2, comments);\\n-----\\n**Line Number:** 29\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 29\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:17.298000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": 
[\"None\", \"2021-11-04 09:03:52.568000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.388Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 329, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "276", - "object_id": 276, - "object_repr": "Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.771000\"], \"hash_code\": [\"None\", \"52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e\"], \"id\": [\"None\", \"276\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"79\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 
380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.531000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.766000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.404Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 330, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "277", - "object_id": 277, - "object_repr": "Use of Insufficiently Random Values (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:52.938000\"], \"hash_code\": [\"None\", \"67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a\"], \"id\": [\"None\", \"277\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2020-02-15\"], \"cwe\": [\"None\", \"330\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": 
[\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.778000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:52.933000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.419Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 331, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "278", - "object_id": 278, - "object_repr": "SQL Injection (basket.jsp)", - "serialized_data": 
null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:03:53.124000\"], \"hash_code\": [\"None\", \"a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9\"], \"id\": [\"None\", \"278\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"sla_expiration_date\": [\"None\", \"2019-12-17\"], \"cwe\": [\"None\", \"89\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET 
quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.612000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 09:03:53.121000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.433Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 332, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "279", - "object_id": 279, - "object_repr": "Test", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 09:36:25.003000\"], \"hash_code\": [\"None\", 
\"df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5\"], \"id\": [\"None\", \"279\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Test\"], \"date\": [\"None\", \"2021-11-03\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"No url given\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"asdf\"], \"mitigation\": [\"None\", \"adf\"], \"impact\": [\"None\", \"asdf\"], \"steps_to_reproduce\": [\"None\", \"\"], \"severity_justification\": [\"None\", \"\"], \"references\": [\"None\", \"No references given\"], \"test\": [\"None\", \"Pen Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.675000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.448Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 333, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "280", - "object_id": 280, - "object_repr": "Notepad++.exe | CVE-2007-2666", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:44:35.863000\"], \"hash_code\": [\"None\", \"1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a\"], \"id\": [\"None\", \"280\"], \"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"title\": [\"None\", \"Notepad++.exe | CVE-2007-2666\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"1035\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer\\n\\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"name: 23961\\nsource: BID\\nurl: http://www.securityfocus.com/bid/23961\\n\\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\\n\\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\\n\\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\nsource: CONFIRM\\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\n\\nname: 3912\\nsource: MILW0RM\\nurl: http://www.milw0rm.com/exploits/3912\\n\\nname: ADV-2007-1794\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1794\\n\\nname: ADV-2007-1867\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1867\\n\\nname: notepadplus-rb-bo(34269)\\nsource: XF\\nurl: http://xforce.iss.net/xforce/xfdb/34269\\n\\nname: scintilla-rb-bo(34372)\\nsource: XF\\nurl: 
http://xforce.iss.net/xforce/xfdb/34372\\n\\n\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.440000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:44:35.859000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.462Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 334, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "281", - "object_id": 281, - "object_repr": "Notepad++.exe | CVE-2008-3436", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:44:36.140000\"], \"hash_code\": [\"None\", \"b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb\"], \"id\": [\"None\", \"281\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Notepad++.exe | CVE-2008-3436\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"1035\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-94 Improper Control of Generation of Code ('Code Injection')\\n\\nThe GUP 
generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\\nsource: FULLDISC\\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\\n\\nname: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\nsource: MISC\\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\n\\n\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.456000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:44:36.137000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.477Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 335, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "282", - "object_id": 282, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": 
"{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:06.484000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"282\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\ViewAccountInfo.aspx.cs\\nLine: 22\\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.352000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:06.480000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.493Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - 
"pk": 336, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "283", - "object_id": 283, - "object_repr": ".NET Debugging Enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:06.676000\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"id\": [\"None\", \"283\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Web.config\\nLine: 25\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.001000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:06.674000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, 
- "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.508Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 337, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "284", - "object_id": 284, - "object_repr": "URL Request Gets Path From Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:06.857000\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"id\": [\"None\", \"284\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"URL Request Gets Path From Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 72\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.127000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:06.854000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.523Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 338, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "285", - "object_id": 285, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.054000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"285\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\StealCookies.aspx.cs\\nLine: 19\\nCodeLine: TODO: Mail the cookie in real time.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.513000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.052000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.537Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 339, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "286", - "object_id": 286, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.234000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"286\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": 
[\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\CustomerRepository.cs\\nLine: 41\\nCodeLine: TODO: Add try/catch logic\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.481000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.231000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.552Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 340, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "287", - "object_id": 287, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.429000\"], \"hash_code\": [\"None\", 
\"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"287\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\ShipperRepository.cs\\nLine: 37\\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.467000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.426000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.567Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 341, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "288", - "object_id": 288, - "object_repr": ".NET Debugging Enabled", - 
"serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.619000\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"id\": [\"None\", \"288\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\Web.config\\nLine: 6\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.986000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.616000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.581Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 342, 
- "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "289", - "object_id": 289, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:07.818000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"289\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 58\\nCodeLine: TODO: Put this in try/catch as well\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.452000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:07.815000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", 
- "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.595Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 343, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "290", - "object_id": 290, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.024000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"290\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 145\\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.438000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], 
\"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.021000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.610Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 344, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "291", - "object_id": 291, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.214000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"291\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Order.cs\\nLine: 27\\nCodeLine: TODO: Shipments and Payments should be singular. 
Like customer.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.423000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.212000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.626Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 345, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "292", - "object_id": 292, - "object_repr": "URL Request Gets Path From Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.407000\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"id\": [\"None\", \"292\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"URL Request Gets Path From Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a 
variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\Register.aspx.cs\\nLine: 35\\nCodeLine: Response.Redirect(continueUrl);\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.157000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.405000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.642Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 346, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "293", - "object_id": 293, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.576000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"293\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogResponseRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.408000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.574000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.657Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 347, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "294", - "object_id": 294, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.774000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"294\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates 
Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogEntryRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.395000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.770000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.672Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 348, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "295", - "object_id": 295, - "object_repr": "URL Request Gets Path From Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:08.994000\"], \"hash_code\": [\"None\", 
\"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"id\": [\"None\", \"295\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"URL Request Gets Path From Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 25\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.142000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:08.991000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.689Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 349, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "296", 
- "object_id": 296, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.157000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"296\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 16\\nCodeLine: TODO: Refactor this. 
Use LINQ with aggregation to get SUM.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.528000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.155000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.705Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 350, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "297", - "object_id": 297, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.337000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"297\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the 
developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 41\\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.496000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.334000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.720Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 351, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "298", - "object_id": 298, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.514000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"298\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 59\\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.381000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.511000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.736Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 352, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "299", - "object_id": 299, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 06:46:09.700000\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"id\": [\"None\", \"299\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 102\\nCodeLine: TODO: Throws an error if we don't set the date. Try to set it to null or something.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.366000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:46:09.697000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.752Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 353, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "300", - "object_id": 300, - "object_repr": "Password Field With Autocomplete Enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": 
[\"None\", \"2021-11-05 06:47:17.890000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"id\": [\"None\", \"300\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Password Field With Autocomplete Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. 
In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.095000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.769Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 354, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "301", - "object_id": 301, - "object_repr": "Frameable Response (Potential Clickjacking)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:18.169000\"], \"scanner_confidence\": [\"None\", \"4\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"id\": [\"None\", \"301\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Frameable Response (Potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. 
Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. 
\\n\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.606000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.785Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 355, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "302", - "object_id": 302, - "object_repr": "Cross-Site Scripting (Reflected)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:18.645000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"id\": [\"None\", \"302\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cross-Site Scripting (Reflected)\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", 
\"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. 
All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. 
If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.375000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.801Z", - "additional_data": 
null - } -}, -{ - "model": "auditlog.logentry", - "pk": 356, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "303", - "object_id": 303, - "object_repr": "Unencrypted Communications", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:18.860000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"id\": [\"None\", \"303\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Unencrypted Communications\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. 
Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.173000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], 
\"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.819Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 357, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "304", - "object_id": 304, - "object_repr": "Password Returned in Later Response", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:19.072000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"id\": [\"None\", \"304\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Password Returned in Later Response\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. 
Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.078000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.835Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 358, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "305", - "object_id": 305, - "object_repr": "Email Addresses Disclosed", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 
06:47:19.278000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"id\": [\"None\", \"305\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Email Addresses Disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * 
test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.590000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.851Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 359, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "306", - "object_id": 306, - "object_repr": "Cross-Site Request Forgery", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:19.559000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"id\": [\"None\", \"306\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cross-Site Request Forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: 
http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. 
If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.543000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.867Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 360, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "307", - "object_id": 307, - "object_repr": "SQL Injection", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:19.783000\"], \"scanner_confidence\": [\"None\", \"4\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"id\": [\"None\", \"307\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. 
A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. 
It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. 
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \\n\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.422000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.883Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 361, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "308", - "object_id": 308, - "object_repr": "Path-Relative Style Sheet Import", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", 
\"True\"], \"created\": [\"None\", \"2021-11-05 06:47:20.049000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"id\": [\"None\", \"308\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Path-Relative Style Sheet Import\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. 
When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. 
Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.639000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.901Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 362, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "309", - "object_id": 309, - "object_repr": "Cleartext Submission of Password", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 06:47:20.461000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", 
\"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"id\": [\"None\", \"309\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cleartext Submission of Password\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. 
If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.346000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 06:47:38.584000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.920Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 363, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "310", - "object_id": 310, - "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.067000\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"id\": [\"None\", \"310\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 59\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(notFound)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.187000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.064000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.936Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 364, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "311", - "object_id": 311, - "object_repr": "This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.320000\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"id\": [\"None\", \"311\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 58\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.219000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.317000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-17T17:31:25.953Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 365, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "312", - "object_id": 312, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.592000\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"id\": [\"None\", \"312\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 165\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.981000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.590000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": 
[\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.972Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 366, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "313", - "object_id": 313, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:18.815000\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"id\": [\"None\", \"313\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 82\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.951000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], 
\"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:18.813000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:25.989Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 367, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "314", - "object_id": 314, - "object_repr": "SQL String Formatting-G201", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.003000\"], \"hash_code\": [\"None\", \"929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd\"], \"id\": [\"None\", \"314\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL String Formatting-G201\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\\nLine number: 36-39\\nIssue Confidence: HIGH\\n\\nCode:\\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \\n\\t\\t\\t\\t\\t\\t\\t\\tFROM Profile as p,Users as u \\n\\t\\t\\t\\t\\t\\t\\t\\twhere p.user_id = u.id \\n\\t\\t\\t\\t\\t\\t\\t\\tand u.id=%s`,uid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", 
\"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.094000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/sqli/function.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.005Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 368, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "315", - "object_id": 315, - "object_repr": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.202000\"], \"hash_code\": [\"None\", \"58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5\"], \"id\": [\"None\", \"315\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": 
[\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.017000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.199000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.022Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 369, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "316", - "object_id": 316, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.412000\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"id\": [\"None\", \"316\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 124\\nIssue 
Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.997000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.409000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.038Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 370, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "317", - "object_id": 317, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.621000\"], \"hash_code\": [\"None\", \"847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af\"], \"id\": [\"None\", \"317\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 63\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.935000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.618000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.053Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 371, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "318", - "object_id": 318, - "object_repr": "Use of Weak Cryptographic Primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:19.850000\"], \"hash_code\": [\"None\", \"01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f\"], \"id\": [\"None\", \"318\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Weak Cryptographic Primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], 
\"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 164\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.140000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:19.848000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.070Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 372, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "319", - "object_id": 319, - "object_repr": "Use of Weak Cryptographic Primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.057000\"], \"hash_code\": [\"None\", \"493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4\"], 
\"id\": [\"None\", \"319\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Weak Cryptographic Primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 160\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.124000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.054000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.086Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 373, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "320", - "object_id": 320, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": 
[\"None\", \"2021-11-05 07:07:20.248000\"], \"hash_code\": [\"None\", \"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"id\": [\"None\", \"320\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 35\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write(b)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.966000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.246000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.102Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 374, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "321", - "object_id": 321, - "object_repr": "Errors 
Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.441000\"], \"hash_code\": [\"None\", \"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"id\": [\"None\", \"321\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 70\\nIssue Confidence: HIGH\\n\\nCode:\\nsqlmapDetected, _ := regexp.MatchString(\\\"sqlmap*\\\", userAgent)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.889000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.438000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.119Z", 
- "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 375, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "322", - "object_id": 322, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.634000\"], \"hash_code\": [\"None\", \"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"id\": [\"None\", \"322\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 73\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write([]byte(\\\"Forbidden\\\"))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.048000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.631000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", 
\"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.135Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 376, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "323", - "object_id": 323, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:20.811000\"], \"hash_code\": [\"None\", \"2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95\"], \"id\": [\"None\", \"323\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/app.go\\nLine number: 79\\nIssue Confidence: HIGH\\n\\nCode:\\ns.ListenAndServe()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.857000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", 
\"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:20.808000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/app.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.151Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 377, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "324", - "object_id": 324, - "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.004000\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"id\": [\"None\", \"324\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 62\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.236000\"], \"finding\": 
[\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.002000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.166Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 378, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "325", - "object_id": 325, - "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.191000\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"id\": [\"None\", \"325\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 63\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(vuln)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.203000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.189000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.181Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 379, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "326", - "object_id": 326, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.369000\"], \"hash_code\": [\"None\", 
\"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"id\": [\"None\", \"326\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 66\\nIssue Confidence: HIGH\\n\\nCode:\\n_ = db.QueryRow(sql).Scan(&version)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.904000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.366000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.197Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 380, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "327", - "object_id": 327, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, 
- "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.561000\"], \"hash_code\": [\"None\", \"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"id\": [\"None\", \"327\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 64\\nIssue Confidence: HIGH\\n\\nCode:\\ndb,_ := database.Connect()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.919000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.559000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.213Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 381, - "fields": { - 
"content_type": [ - "dojo", - "finding" - ], - "object_pk": "328", - "object_id": 328, - "object_repr": "Use of Weak Cryptographic Primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.744000\"], \"hash_code\": [\"None\", \"409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692\"], \"id\": [\"None\", \"328\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Use of Weak Cryptographic Primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 62\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.109000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.741000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"]}", 
- "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.229Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 382, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "329", - "object_id": 329, - "object_repr": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:21.930000\"], \"hash_code\": [\"None\", \"822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1\"], \"id\": [\"None\", \"329\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 7\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.032000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", 
\"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:21.928000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.245Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 383, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "330", - "object_id": 330, - "object_repr": "Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.124000\"], \"hash_code\": [\"None\", \"1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca\"], \"id\": [\"None\", \"330\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Blacklisted Import Crypto/Md5: Weak Cryptographic Primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.048000\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.121000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.261Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 384, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "331", - "object_id": 331, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.308000\"], \"hash_code\": [\"None\", \"9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a\"], \"id\": [\"None\", \"331\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/cookie.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\ncookie, _ := r.Cookie(name)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", 
\"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.014000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.306000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/cookie.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.278Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 385, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "332", - "object_id": 332, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.551000\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"id\": [\"None\", \"332\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], 
\"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:15.873000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.548000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.293Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 386, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "333", - "object_id": 333, - "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.773000\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"id\": [\"None\", \"333\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. 
Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 100\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(inlineJS)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.156000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.771000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.309Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 387, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "334", - "object_id": 334, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:22.989000\"], \"hash_code\": [\"None\", 
\"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"id\": [\"None\", \"334\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 61\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.081000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:22.986000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.325Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 388, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "335", - "object_id": 335, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - 
"action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:23.204000\"], \"hash_code\": [\"None\", \"27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa\"], \"id\": [\"None\", \"335\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 161\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.065000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:23.200000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.342Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 389, - "fields": { - "content_type": [ - 
"dojo", - "finding" - ], - "object_pk": "336", - "object_id": 336, - "object_repr": "Errors Unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:23.489000\"], \"hash_code\": [\"None\", \"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"id\": [\"None\", \"336\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Errors Unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 41\\nIssue Confidence: HIGH\\n\\nCode:\\ntemplate.ExecuteTemplate(w, name, data)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.030000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 07:07:23.486000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - 
"timestamp": "2025-01-17T17:31:26.358Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 390, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "337", - "object_id": 337, - "object_repr": "This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-05 07:07:23.721000\"], \"hash_code\": [\"None\", \"2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66\"], \"id\": [\"None\", \"337\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"This Method Will Not Auto-Escape HTML. Verify Data Is Well Formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 45\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(text)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.172000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-05 07:07:23.717000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.373Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 391, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "338", - "object_id": 338, - "object_repr": "Password Field With Autocomplete Enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:05.946000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"id\": [\"None\", \"338\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Password Field With Autocomplete Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * 
http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. 
\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.111000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:05.943000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.390Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 392, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "339", - "object_id": 339, - "object_repr": "Frameable Response (Potential Clickjacking)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:06.237000\"], \"scanner_confidence\": [\"None\", \"4\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"id\": [\"None\", \"339\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Frameable Response (Potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: 
http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. 
However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \\n\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.622000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:06.233000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.407Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 393, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "340", - "object_id": 340, - "object_repr": "Cross-Site Scripting (Reflected)", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:06.742000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"id\": [\"None\", \"340\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cross-Site Scripting (Reflected)\"], \"date\": [\"None\", 
\"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. 
All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. 
If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.391000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:06.738000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.423Z", - "additional_data": 
null - } -}, -{ - "model": "auditlog.logentry", - "pk": 394, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "341", - "object_id": 341, - "object_repr": "Unencrypted Communications", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:07.038000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"id\": [\"None\", \"341\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Unencrypted Communications\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-03-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. 
Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:16.189000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], 
\"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.036000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.439Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 395, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "342", - "object_id": 342, - "object_repr": "Password Returned in Later Response", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:07.297000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"id\": [\"None\", \"342\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Password Returned in Later Response\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2022-02-01\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. 
Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:14.063000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.294000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.456Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 396, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "343", - "object_id": 343, - "object_repr": "Email Addresses Disclosed", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 
10:43:07.547000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"id\": [\"None\", \"343\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Email Addresses Disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * 
test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.575000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.545000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.472Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 397, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "344", - "object_id": 344, - "object_repr": "Cross-Site Request Forgery", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:07.888000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"id\": [\"None\", \"344\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cross-Site Request Forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: 
http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. 
If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.559000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:07.885000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.488Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 398, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "345", - "object_id": 345, - "object_repr": "SQL Injection", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:08.144000\"], \"scanner_confidence\": [\"None\", \"4\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"id\": [\"None\", \"345\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"SQL Injection\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. 
A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. 
It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. 
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \\n\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.406000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:08.140000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.505Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 399, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "346", - "object_id": 346, - "object_repr": "Path-Relative Style Sheet Import", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", 
\"True\"], \"created\": [\"None\", \"2021-11-05 10:43:08.440000\"], \"scanner_confidence\": [\"None\", \"7\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"id\": [\"None\", \"346\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Path-Relative Style Sheet Import\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. 
When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. 
Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:18.658000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:08.437000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.523Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 400, - "fields": { - "content_type": [ - "dojo", - "finding" - ], - "object_pk": "347", - "object_id": 347, - "object_repr": "Cleartext Submission of Password", - "serialized_data": null, - "action": 0, - "changes": "{\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-05 10:43:08.906000\"], \"scanner_confidence\": [\"None\", \"1\"], \"hash_code\": [\"None\", 
\"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"id\": [\"None\", \"347\"], \"original_finding\": [\"None\", \"dojo.Finding.None\"], \"title\": [\"None\", \"Cleartext Submission of Password\"], \"date\": [\"None\", \"2021-11-03\"], \"sla_expiration_date\": [\"None\", \"2021-12-03\"], \"cwe\": [\"None\", \"0\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. 
If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"references\": [\"None\", \"\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"last_status_update\": [\"None\", \"2025-01-17 16:52:13.360000\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"(admin)\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-05 10:43:08.902000\"], \"last_reviewed_by\": [\"None\", \"(admin)\"], \"static_finding\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.541Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 401, - "fields": { - "content_type": [ - "dojo", - "finding_template" - ], - "object_pk": "1", - "object_id": 1, - "object_repr": "XSS template", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"1\"], \"title\": [\"None\", \"XSS template\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"XSS test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.556Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 402, - "fields": { - "content_type": [ - "dojo", - "finding_template" - ], - "object_pk": "2", - "object_id": 2, - "object_repr": "SQLi template", - 
"serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"2\"], \"title\": [\"None\", \"SQLi template\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"SQLi test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.561Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 403, - "fields": { - "content_type": [ - "dojo", - "finding_template" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": "CSRF template", - "serialized_data": null, - "action": 0, - "changes": "{\"id\": [\"None\", \"3\"], \"title\": [\"None\", \"CSRF template\"], \"severity\": [\"None\", \"MEDIUM\"], \"description\": [\"None\", \"CSRF test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], \"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.566Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 404, - "fields": { - "content_type": [ - "dojo", - "risk_acceptance" - ], - "object_pk": "1", - "object_id": 1, - "object_repr": "Simple Builtin Risk Acceptance", - "serialized_data": null, - "action": 0, - "changes": "{\"name\": [\"None\", \"Simple Builtin Risk Acceptance\"], \"recommendation\": [\"None\", \"F\"], \"decision\": [\"None\", \"A\"], \"decision_details\": [\"None\", \"These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. 
Unaccept and use full risk acceptance if you need to have more control over those fields.\"], \"path\": [\"None\", \"\"], \"owner\": [\"None\", \"(admin)\"], \"reactivate_expired\": [\"None\", \"True\"], \"restart_sla_expired\": [\"None\", \"False\"], \"created\": [\"None\", \"2024-01-29 15:35:18.089000\"], \"updated\": [\"None\", \"2024-01-29 15:35:18.089000\"], \"id\": [\"None\", \"1\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-17T17:31:26.645Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 803, - "fields": { - "content_type": [ - "dojo", - "tagulous_product_tags" - ], - "object_pk": "1", - "object_id": 1, - "object_repr": "BodgeIt", - "serialized_data": null, - "action": 0, - "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"BodgeIt\"], \"description\": [\"None\", \"[Features](https://github.com/psiinon/bodgeit) and characteristics:\\r\\n\\r\\n* Easy to install - just requires java and a servlet engine, e.g. 
Tomcat\\r\\n* Self contained (no additional dependencies other than to 2 in the above line)\\r\\n* Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required\\r\\n* Cross platform\\r\\n* Open source\\r\\n* No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(product_manager)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"1\"], \"tid\": [\"None\", \"0\"], \"prod_numeric_grade\": [\"None\", \"5\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"internal\"], \"user_records\": [\"None\", \"1000000000\"], \"revenue\": [\"None\", \"1000.00\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"True\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.490Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 804, - "fields": { - "content_type": [ - "dojo", - "tagulous_product_tags" - ], - "object_pk": "2", - "object_id": 2, - "object_repr": "Internal CRM App", - "serialized_data": null, - "action": 0, - "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Internal CRM App\"], \"description\": [\"None\", \"* New product in development that attempts to follow all best practices\"], \"product_manager\": [\"None\", \"(product_manager)\"], \"technical_contact\": [\"None\", \"(product_manager)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Commerce\"], \"id\": [\"None\", \"2\"], \"tid\": [\"None\", \"0\"], 
\"business_criticality\": [\"None\", \"medium\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"construction\"], \"origin\": [\"None\", \"internal\"], \"external_audience\": [\"None\", \"False\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.613Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 805, - "fields": { - "content_type": [ - "dojo", - "tagulous_product_tags" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": "Apple Accounting Software", - "serialized_data": null, - "action": 0, - "changes": "{\"product\": [\"None\", \"dojo.Cred_Mapping.None\"], \"product_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"name\": [\"None\", \"Apple Accounting Software\"], \"description\": [\"None\", \"Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. 
Among the most common are:\\r\\n\\r\\n**Core modules**\\r\\n\\r\\n* Accounts receivable\\u2014where the company enters money received\\r\\n* Accounts payable\\u2014where the company enters its bills and pays money it owes\\r\\n* General ledger\\u2014the company's \\\"books\\\"\\r\\n* Billing\\u2014where the company produces invoices to clients/customers\"], \"product_manager\": [\"None\", \"(admin)\"], \"technical_contact\": [\"None\", \"(user2)\"], \"team_manager\": [\"None\", \"(user2)\"], \"prod_type\": [\"None\", \"Billing\"], \"id\": [\"None\", \"3\"], \"tid\": [\"None\", \"0\"], \"business_criticality\": [\"None\", \"high\"], \"platform\": [\"None\", \"web\"], \"lifecycle\": [\"None\", \"production\"], \"origin\": [\"None\", \"purchased\"], \"user_records\": [\"None\", \"5000\"], \"external_audience\": [\"None\", \"True\"], \"internet_accessible\": [\"None\", \"False\"], \"enable_simple_risk_acceptance\": [\"None\", \"False\"], \"enable_full_risk_acceptance\": [\"None\", \"True\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.640Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 806, - "fields": { - "content_type": [ - "dojo", - "engagement_presets" - ], - "object_pk": "1", - "object_id": 1, - "object_repr": "Engagement: 1st Quarter Engagement (Jun 30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"1st Quarter Engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"lead\": [\"None\", \"product_manager\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", 
\"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.733Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 807, - "fields": { - "content_type": [ - "dojo", - "engagement_presets" - ], - "object_pk": "2", - "object_id": 2, - "object_repr": "Engagement: April Monthly Engagement (Jun 30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"April Monthly Engagement\"], \"description\": [\"None\", \"Requested by the team for regular manual checkup by the security team.\"], \"target_start\": [\"None\", \"2021-06-30\"], \"target_end\": [\"None\", \"2021-06-30\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-03 16:53:40.301000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"2\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.791Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 808, - "fields": { - "content_type": [ - "dojo", - "engagement_presets" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": 
"Engagement: weekly engagement (Jun 21, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"weekly engagement\"], \"description\": [\"None\", \"test Engagement\"], \"target_start\": [\"None\", \"2021-06-21\"], \"target_end\": [\"None\", \"2021-06-22\"], \"lead\": [\"None\", \"product_manager\"], \"product\": [\"None\", \"Internal CRM App\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"3\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.848Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 809, - "fields": { - "content_type": [ - "dojo", - "engagement_presets" - ], - "object_pk": "4", - "object_id": 4, - "object_repr": "Engagement: Static Scan (Nov 03, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Static Scan\"], \"description\": [\"None\", \"Initial static scan for Bodgeit.\"], \"version\": [\"None\", \"v.1.2.0\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-10\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-03 16:52:49.157000\"], \"created\": [\"None\", \"2021-11-03 16:38:51.078000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], 
\"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"4\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.907Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 810, - "fields": { - "content_type": [ - "dojo", - "engagement_presets" - ], - "object_pk": "6", - "object_id": 6, - "object_repr": "Engagement: Quarterly PCI Scan (Jan 19, 2022)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Quarterly PCI Scan\"], \"description\": [\"None\", \"Reccuring Quarterly Scan\"], \"target_start\": [\"None\", \"2022-01-19\"], \"target_end\": [\"None\", \"2022-01-26\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-03 17:04:37.770000\"], \"created\": [\"None\", \"2021-11-03 17:03:19.811000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"6\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:04.966Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 811, - 
"fields": { - "content_type": [ - "dojo", - "engagement_presets" - ], - "object_pk": "7", - "object_id": 7, - "object_repr": "Engagement: Ad Hoc Engagement (Nov 03, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Ad Hoc Engagement\"], \"target_start\": [\"None\", \"2021-11-03\"], \"target_end\": [\"None\", \"2021-11-03\"], \"product\": [\"None\", \"Internal CRM App\"], \"updated\": [\"None\", \"2021-11-03 17:14:05.567000\"], \"created\": [\"None\", \"2021-11-03 17:14:05.567000\"], \"active\": [\"None\", \"False\"], \"threat_model\": [\"None\", \"True\"], \"api_test\": [\"None\", \"True\"], \"pen_test\": [\"None\", \"True\"], \"check_list\": [\"None\", \"True\"], \"status\": [\"None\", \"\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"7\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.031Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 812, - "fields": { - "content_type": [ - "dojo", - "engagement_presets" - ], - "object_pk": "8", - "object_id": 8, - "object_repr": "Engagement: Initial Assessment (Dec 20, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Initial Assessment\"], \"description\": [\"None\", \"This application needs to be assesed to determine the security posture.\"], \"version\": [\"None\", \"10.2.1\"], \"target_start\": [\"None\", \"2021-12-20\"], \"target_end\": [\"None\", \"2021-12-27\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"Apple Accounting Software\"], \"updated\": [\"None\", \"2021-11-03 17:22:19.912000\"], 
\"created\": [\"None\", \"2021-11-03 17:20:41.547000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Not Started\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"8\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.084Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 813, - "fields": { - "content_type": [ - "dojo", - "engagement_presets" - ], - "object_pk": "10", - "object_id": 10, - "object_repr": "Engagement: Multiple scanners (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Multiple scanners\"], \"description\": [\"None\", \"Example engagement with multiple scan types.\"], \"version\": [\"None\", \"1.2.1\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-04\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 14:27:29.906000\"], \"created\": [\"None\", \"2021-11-04 14:22:26.204000\"], \"active\": [\"None\", \"False\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", 
\"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"10\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.144Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 814, - "fields": { - "content_type": [ - "dojo", - "engagement_presets" - ], - "object_pk": "11", - "object_id": 11, - "object_repr": "Engagement: Manual PenTest (Dec 30, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"Manual PenTest\"], \"description\": [\"None\", \"Please do a manual pentest before our next release to prod.\"], \"version\": [\"None\", \"1.9.1\"], \"target_start\": [\"None\", \"2021-12-30\"], \"target_end\": [\"None\", \"2022-01-02\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 14:33:33.053000\"], \"created\": [\"None\", \"2021-11-04 14:32:02.311000\"], \"active\": [\"None\", \"True\"], \"test_strategy\": [\"None\", \"\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Blocked\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"11\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.216Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 815, - "fields": { - "content_type": [ - "dojo", - "engagement_presets" - ], - "object_pk": "12", - "object_id": 12, - "object_repr": "Engagement: CI/CD Baseline Security Test (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"CI/CD Baseline Security Test\"], \"description\": [\"None\", \"\"], \"version\": [\"None\", \"1.1.2\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-11\"], \"lead\": [\"None\", \"admin\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", \"2021-11-04 14:45:34.557000\"], \"created\": [\"None\", \"2021-11-04 14:44:16.567000\"], \"active\": [\"None\", \"False\"], \"tracker\": [\"None\", \"https://github.com/psiinon/bodgeit\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"Completed\"], \"progress\": [\"None\", \"other\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"CI/CD\"], \"build_id\": [\"None\", \"89\"], \"commit_hash\": [\"None\", \"b8ca612dbbd45f37d62c7b9d3e9521a31438aaa6\"], \"branch_tag\": [\"None\", \"master\"], \"source_code_management_uri\": [\"None\", \"https://github.com/psiinon/bodgeit\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"12\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.275Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 816, - "fields": { - "content_type": [ - "dojo", - "engagement_presets" - ], - "object_pk": "13", - "object_id": 13, - "object_repr": "Engagement: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)", - "serialized_data": null, - "action": 0, - "changes": "{\"engagement\": [\"None\", \"dojo.Cred_Mapping.None\"], \"name\": [\"None\", \"AdHoc Import - Fri, 17 Aug 2018 18:20:55\"], \"target_start\": [\"None\", \"2021-11-04\"], \"target_end\": [\"None\", \"2021-11-04\"], \"product\": [\"None\", \"BodgeIt\"], \"updated\": [\"None\", 
\"2021-11-04 18:20:55.877000\"], \"created\": [\"None\", \"2021-11-04 18:20:55.877000\"], \"active\": [\"None\", \"True\"], \"threat_model\": [\"None\", \"False\"], \"api_test\": [\"None\", \"False\"], \"pen_test\": [\"None\", \"False\"], \"check_list\": [\"None\", \"False\"], \"status\": [\"None\", \"In Progress\"], \"progress\": [\"None\", \"threat_model\"], \"tmodel_path\": [\"None\", \"none\"], \"done_testing\": [\"None\", \"False\"], \"engagement_type\": [\"None\", \"Interactive\"], \"eng_for_check\": [\"None\", \"dojo.Check_List.None\"], \"deduplication_on_engagement\": [\"None\", \"False\"], \"id\": [\"None\", \"13\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.336Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 817, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "1", - "object_id": 1, - "object_repr": "http://127.0.0.1//endpoint/420/edit/", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"80\"], \"path\": [\"None\", \"/endpoint/420/edit/\"], \"product\": [\"None\", \"Internal CRM App\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.366Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 818, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "2", - "object_id": 2, - "object_repr": "ftp://localhost//", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"2\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"ftp\"], 
\"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"21\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.389Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 819, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": "ssh://127.0.0.1", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"3\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"ssh\"], \"host\": [\"None\", \"127.0.0.1\"], \"port\": [\"None\", \"22\"], \"product\": [\"None\", \"Apple Accounting Software\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.409Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 820, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "4", - "object_id": 4, - "object_repr": "http://localhost:8888//bodgeit/login.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"4\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/login.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.429Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 821, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "5", - "object_id": 5, - "object_repr": "127.0.0.1", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", 
\"False\"], \"id\": [\"None\", \"5\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"host\": [\"None\", \"127.0.0.1\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.449Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 822, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "6", - "object_id": 6, - "object_repr": "http://localhost:8888//bodgeit/register.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"6\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/register.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.469Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 823, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "7", - "object_id": 7, - "object_repr": "http://localhost:8888//bodgeit/password.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"7\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/password.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.491Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 824, - "fields": { - "content_type": [ - "dojo", - 
"endpoint_params" - ], - "object_pk": "8", - "object_id": 8, - "object_repr": "http://localhost:8888//bodgeit/", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"8\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.512Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 825, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "9", - "object_id": 9, - "object_repr": "http://localhost:8888//bodgeit/basket.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"9\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/basket.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.533Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 826, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "10", - "object_id": 10, - "object_repr": "http://localhost:8888//bodgeit/advanced.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"10\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": 
[\"None\", \"/bodgeit/advanced.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.556Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 827, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "11", - "object_id": 11, - "object_repr": "http://localhost:8888//bodgeit/admin.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"11\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/admin.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.575Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 828, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "12", - "object_id": 12, - "object_repr": "http://localhost:8888//bodgeit/about.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"12\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/about.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.596Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 829, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "13", - "object_id": 13, - "object_repr": "http://localhost:8888//bodgeit/contact.jsp", - "serialized_data": null, - "action": 0, - 
"changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"13\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/contact.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.617Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 830, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "14", - "object_id": 14, - "object_repr": "http://localhost:8888//bodgeit/home.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"14\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/home.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.636Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 831, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "15", - "object_id": 15, - "object_repr": "http://localhost:8888//bodgeit/product.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"15\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/product.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-09T17:47:05.657Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 832, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "16", - "object_id": 16, - "object_repr": "http://localhost:8888//bodgeit/score.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"16\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/score.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.676Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 833, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "17", - "object_id": 17, - "object_repr": "http://localhost:8888//bodgeit/search.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"17\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/search.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.696Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 834, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "18", - "object_id": 18, - "object_repr": "http://localhost:8888//", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"18\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": 
[\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.715Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 835, - "fields": { - "content_type": [ - "dojo", - "endpoint_params" - ], - "object_pk": "19", - "object_id": 19, - "object_repr": "http://localhost:8888//bodgeit/logout.jsp", - "serialized_data": null, - "action": 0, - "changes": "{\"mitigated\": [\"None\", \"False\"], \"id\": [\"None\", \"19\"], \"endpoint_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"status_endpoint\": [\"None\", \"dojo.Endpoint_Status.None\"], \"protocol\": [\"None\", \"http\"], \"host\": [\"None\", \"localhost\"], \"port\": [\"None\", \"8888\"], \"path\": [\"None\", \"/bodgeit/logout.jsp\"], \"product\": [\"None\", \"BodgeIt\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.737Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 836, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"00:00:00\"], \"actual_time\": [\"None\", \"00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"3\"], \"engagement\": [\"None\", \"Engagement: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.775Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 
837, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "13", - "object_id": 13, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-03-21 01:00:00\"], \"target_end\": [\"None\", \"2021-03-22 01:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"13\"], \"engagement\": [\"None\", \"Engagement: April Monthly Engagement (Jun 30, 2021)\"], \"lead\": [\"None\", \"product_manager\"], \"test_type\": [\"None\", \"API Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.802Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 838, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "14", - "object_id": 14, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-02-18 00:00:00\"], \"target_end\": [\"None\", \"2021-02-27 00:00:00\"], \"estimated_time\": [\"None\", \"02:00:00\"], \"actual_time\": [\"None\", \"00:30:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"AWS\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"14\"], \"engagement\": [\"None\", \"Engagement: 1st Quarter Engagement (Jun 30, 2021)\"], \"test_type\": [\"None\", \"API Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.826Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 839, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "15", - "object_id": 15, - "object_repr": "Checkmarx Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], 
\"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-03 16:39:20.994000\"], \"created\": [\"None\", \"2021-11-03 16:39:20.994000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"15\"], \"engagement\": [\"None\", \"Engagement: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Checkmarx Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.852Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 840, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "16", - "object_id": 16, - "object_repr": "Checkmarx Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-03 00:00:00\"], \"target_end\": [\"None\", \"2021-11-03 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-03 16:41:15.570000\"], \"created\": [\"None\", \"2021-11-03 16:41:15.570000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"16\"], \"engagement\": [\"None\", \"Engagement: Static Scan (Nov 03, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Checkmarx Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.878Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 841, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "18", - "object_id": 18, - "object_repr": "Qualys Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2022-01-19 00:00:00\"], \"target_end\": [\"None\", \"2022-01-24 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:04:24.434000\"], \"created\": [\"None\", \"2021-11-03 17:03:36.758000\"], 
\"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"18\"], \"engagement\": [\"None\", \"Engagement: Quarterly PCI Scan (Jan 19, 2022)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Qualys Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.903Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 842, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "19", - "object_id": 19, - "object_repr": "Pen Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"target_end\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"updated\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"created\": [\"None\", \"2021-11-03 17:14:05.611000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"19\"], \"engagement\": [\"None\", \"Engagement: Ad Hoc Engagement (Nov 03, 2021)\"], \"test_type\": [\"None\", \"Pen Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.926Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 843, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "20", - "object_id": 20, - "object_repr": "API Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:20:59.532000\"], \"created\": [\"None\", \"2021-11-03 17:20:59.532000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"20\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"API Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.951Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 844, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "21", - "object_id": 21, - "object_repr": "Nmap Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Staging\"], \"updated\": [\"None\", \"2021-11-03 17:21:13.841000\"], \"created\": [\"None\", \"2021-11-03 17:21:13.841000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"21\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Nmap Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:05.977Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 845, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "22", - "object_id": 22, - "object_repr": "Dependency Check Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:21:32.142000\"], \"created\": [\"None\", \"2021-11-03 17:21:32.142000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"22\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Dependency Check Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.004Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 846, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "23", - "object_id": 23, - "object_repr": "ZAP Scan", - 
"serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-12-20 00:00:00\"], \"target_end\": [\"None\", \"2021-12-27 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-03 17:21:52.246000\"], \"created\": [\"None\", \"2021-11-03 17:21:52.246000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"23\"], \"engagement\": [\"None\", \"Engagement: Initial Assessment (Dec 20, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"ZAP Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.031Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 847, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "25", - "object_id": 25, - "object_repr": "Dependency Check Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:22:26.245000\"], \"created\": [\"None\", \"2021-11-04 14:22:26.245000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"25\"], \"engagement\": [\"None\", \"Engagement: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Dependency Check Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.052Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 848, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "26", - "object_id": 26, - "object_repr": "VCG Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": 
[\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:23:56.881000\"], \"created\": [\"None\", \"2021-11-04 14:23:56.881000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"26\"], \"engagement\": [\"None\", \"Engagement: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"VCG Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.075Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 849, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "28", - "object_id": 28, - "object_repr": "Burp Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:25:07.948000\"], \"created\": [\"None\", \"2021-11-04 14:25:07.949000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"28\"], \"engagement\": [\"None\", \"Engagement: Multiple scanners (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Burp Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.102Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 850, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "29", - "object_id": 29, - "object_repr": "Manual Code Review", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", \"Production\"], \"updated\": [\"None\", \"2021-11-04 14:32:14.420000\"], \"created\": [\"None\", \"2021-11-04 14:32:14.420000\"], \"test\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"29\"], \"engagement\": [\"None\", \"Engagement: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Manual Code Review\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.127Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 851, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "30", - "object_id": 30, - "object_repr": "Pen Test", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-11 00:00:00\"], \"environment\": [\"None\", \"Pre-prod\"], \"updated\": [\"None\", \"2021-11-04 14:32:25.930000\"], \"created\": [\"None\", \"2021-11-04 14:32:25.930000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"30\"], \"engagement\": [\"None\", \"Engagement: Manual PenTest (Dec 30, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Pen Test\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.153Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 852, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "31", - "object_id": 31, - "object_repr": "Gosec Scanner", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 14:45:08.465000\"], \"created\": [\"None\", \"2021-11-04 14:45:08.465000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"31\"], \"engagement\": [\"None\", \"Engagement: CI/CD Baseline Security Test (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", 
\"Gosec Scanner\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.178Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 853, - "fields": { - "content_type": [ - "dojo", - "sonarqube_issue_transition" - ], - "object_pk": "32", - "object_id": 32, - "object_repr": "Burp Scan", - "serialized_data": null, - "action": 0, - "changes": "{\"target_start\": [\"None\", \"2021-11-04 00:00:00\"], \"target_end\": [\"None\", \"2021-11-04 00:00:00\"], \"percent_complete\": [\"None\", \"100\"], \"environment\": [\"None\", \"Development\"], \"updated\": [\"None\", \"2021-11-04 18:20:55.916000\"], \"created\": [\"None\", \"2021-11-04 18:20:55.916000\"], \"test\": [\"None\", \"dojo.Cred_Mapping.None\"], \"id\": [\"None\", \"32\"], \"engagement\": [\"None\", \"Engagement: AdHoc Import - Fri, 17 Aug 2018 18:20:55 (Nov 04, 2021)\"], \"lead\": [\"None\", \"admin\"], \"test_type\": [\"None\", \"Burp Scan\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.204Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 854, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "2", - "object_id": 2, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"2\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"hash_code\": [\"None\", \"91a538bb2d339f9f73553971ede199f44df8e96df30f34ac8d9c224322aa5d62\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.239Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 855, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "3", - "object_id": 3, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"3\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], 
\"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.282Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 856, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "4", - "object_id": 4, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"4\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", 
\"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.325Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 857, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "5", - "object_id": 5, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"5\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.367Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 858, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "6", - "object_id": 6, - "object_repr": "High Impact test finding", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"High Impact test finding\"], \"date\": [\"None\", \"2021-03-21\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"test finding\"], \"mitigation\": [\"None\", \"test mitigation\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"6\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(admin)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(admin)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"11\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"5b0dead640b58a2b778aa2e8f5cccf67df7dc833b0c3f410985d1237615c86e7\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.407Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 859, - "fields": { - "content_type": [ - "dojo", - 
"test_import" - ], - "object_pk": "7", - "object_id": 7, - "object_repr": "DUMMY FINDING", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"DUMMY FINDING\"], \"date\": [\"None\", \"2021-03-20\"], \"cwe\": [\"None\", \"1\"], \"url\": [\"None\", \"http://www.example.com\"], \"severity\": [\"None\", \"HIGH\"], \"description\": [\"None\", \"TEST finding\"], \"mitigation\": [\"None\", \"MITIGATION\"], \"impact\": [\"None\", \"HIGH\"], \"id\": [\"None\", \"7\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"API Test\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"review_requested_by\": [\"None\", \"(product_manager)\"], \"under_defect_review\": [\"None\", \"False\"], \"defect_review_requested_by\": [\"None\", \"(product_manager)\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"1\"], \"reporter\": [\"None\", \"product_manager\"], \"numerical_severity\": [\"None\", \"S0\"], \"hash_code\": [\"None\", \"c89d25e445b088ba339908f68e15e3177b78d22f3039d1bfea51c4be251bf4e0\"], \"line\": [\"None\", \"100\"], \"file_path\": [\"None\", \"\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.448Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 860, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "8", - "object_id": 8, - "object_repr": "SQL Injection (register.jsp)", - "serialized_data": null, - 
"action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": 
[\"None\", \"N/A\"], \"id\": [\"None\", \"8\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.018000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.021000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.494Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 861, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "9", - "object_id": 9, - "object_repr": "Download of Code Without Integrity Check (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"9\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.194000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.200000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.537Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 862, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "10", - "object_id": 10, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame 
Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"10\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.376000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.379000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.575Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 863, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "11", - "object_id": 11, - "object_repr": "Information Exposure 
Through an Error Message (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"11\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": 
[\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.553000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"line\": [\"None\", \"134\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.555000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.617Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 864, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "12", - "object_id": 12, - "object_repr": "Improper Resource Shutdown or Release (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line 
Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"12\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.696000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"line\": [\"None\", \"25\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.699000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.663Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 865, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "13", - "object_id": 13, - "object_repr": "Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"13\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:23.866000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:23.869000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.707Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 866, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "14", - "object_id": 14, - "object_repr": "HttpOnlyCookies (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"14\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.030000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"line\": [\"None\", \"46\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": 
[\"None\", \"2021-11-03 16:39:24.033000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.748Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 867, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "15", - "object_id": 15, - "object_repr": "CGI Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** 
out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"15\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.182000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.186000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.789Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 868, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "16", - "object_id": 16, - "object_repr": "Hardcoded password in Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"16\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.333000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.336000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.832Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 869, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "17", - "object_id": 17, - "object_repr": "Client Insecure Randomness (encryption.js)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"17\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": 
[\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.487000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"line\": [\"None\", \"127\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.491000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.874Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 870, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "18", - "object_id": 18, - "object_repr": "SQL Injection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"18\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.637000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.640000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.915Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 871, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "19", - "object_id": 19, - "object_repr": "Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - 
"changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 
242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"
\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"19\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.801000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.804000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:06.962Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 872, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "20", - "object_id": 20, - "object_repr": "CGI Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = 
rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"20\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:24.958000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:24.961000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.005Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 873, - 
"fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "21", - "object_id": 21, - "object_repr": "Not Using a Random IV with CBC Mode (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Not Using a Random IV with CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"329\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"21\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.130000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"line\": [\"None\", \"96\"], 
\"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.133000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.046Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 874, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "22", - "object_id": 22, - "object_repr": "Collapse of Data into Unsafe Value (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Collapse of Data into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"182\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 
379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"22\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.292000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.296000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.085Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 875, - "fields": { - "content_type": [ - 
"dojo", - "test_import" - ], - "object_pk": "23", - "object_id": 23, - "object_repr": "Stored Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"646\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": 
[\"None\", \"23\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.468000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.471000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.129Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 876, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "24", - "object_id": 24, - "object_repr": "Hardcoded password in Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"24\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.658000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"line\": [\"None\", \"1\"], \"file_path\": 
[\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.662000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.170Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 877, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "25", - "object_id": 25, - "object_repr": "Blind SQL Injections (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 
10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"25\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.816000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"line\": [\"None\", \"24\"], \"file_path\": 
[\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.819000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.212Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 878, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "26", - "object_id": 26, - "object_repr": "Heap Inspection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"26\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:25.992000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"line\": [\"None\", \"10\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:25.994000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.256Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 879, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "27", - "object_id": 27, - "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, 
ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"27\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.155000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.160000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.301Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 880, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "28", - "object_id": 28, - "object_repr": "Trust Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"501\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"28\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.331000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.335000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.421Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 881, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "29", - "object_id": 29, - "object_repr": "Information Exposure Through an Error Message (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", 
\"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"29\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.578000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.582000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.463Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 882, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "30", - "object_id": 30, - "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 
240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"30\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:26.825000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"line\": [\"None\", \"280\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:26.828000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.505Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 883, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "31", - "object_id": 31, - "object_repr": 
"Empty Password In Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"31\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": 
[\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.014000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.017000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.552Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 884, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "32", - "object_id": 32, - "object_repr": "Improper Resource Access Authorization (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"32\"], \"references\": [\"None\", \"\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.208000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.212000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.594Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 885, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "33", - "object_id": 33, - "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"33\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.403000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.407000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.639Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 886, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "34", - "object_id": 34, - "object_repr": "Hardcoded password in Connection String (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", 
\"N/A\"], \"id\": [\"None\", \"34\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.637000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.642000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.684Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 887, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "35", - "object_id": 35, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"35\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:27.922000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:27.926000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.727Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 888, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "36", - "object_id": 36, - "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"36\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.129000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"line\": [\"None\", \"130\"], \"file_path\": [\"None\", 
\"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.133000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.761Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 889, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "37", - "object_id": 37, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"37\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.322000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.325000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.801Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 890, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "38", - "object_id": 38, - "object_repr": "CGI Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** 
getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"38\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.510000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.514000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.841Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 891, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "39", - "object_id": 39, - "object_repr": "Suspected XSS (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"39\"], \"references\": [\"None\", 
\"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.708000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.712000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.882Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 892, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "40", - "object_id": 40, - "object_repr": "Hardcoded password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"40\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:28.926000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], 
\"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:28.930000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.923Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 893, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "41", - "object_id": 41, - "object_repr": "Hardcoded password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" 
%>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"41\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.121000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.125000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:07.966Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 894, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "42", - "object_id": 42, - "object_repr": "Empty Password In Connection String (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"42\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.322000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.326000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.010Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 895, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "43", - "object_id": 43, - "object_repr": "Download of Code Without Integrity Check (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"43\"], \"references\": [\"None\", \"\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.533000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.538000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.050Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 896, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "44", - "object_id": 44, - "object_repr": "Information Exposure Through an Error Message (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"44\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.726000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"line\": [\"None\", \"41\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.729000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.091Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 897, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "45", - "object_id": 45, - "object_repr": "SQL Injection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL 
injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 
8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"45\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:29.875000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:29.879000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.133Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 898, - "fields": { - "content_type": [ - "dojo", - "test_import" - 
], - "object_pk": "46", - "object_id": 46, - "object_repr": "Empty Password In Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"46\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": 
[\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.044000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.047000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.175Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 899, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "47", - "object_id": 47, - "object_repr": "CGI Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 
14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"47\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.240000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-03 16:39:30.245000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.218Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 900, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "48", - "object_id": 48, - "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"315\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"48\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], 
\"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.432000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.436000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.262Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 901, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "49", - "object_id": 49, - "object_repr": "Information Exposure Through an Error Message (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"49\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.604000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"line\": [\"None\", \"75\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.607000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.303Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 902, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "50", - "object_id": 50, - "object_repr": "Hardcoded password in Connection String (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"50\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.782000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.786000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.345Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 903, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "51", - "object_id": 51, - "object_repr": "Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = 
stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"51\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:30.966000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], 
\"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:30.970000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.392Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 904, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "52", - "object_id": 52, - "object_repr": "Download of Code Without Integrity Check (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"52\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.141000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.146000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.426Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 905, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "53", - "object_id": 53, - "object_repr": "Empty Password In Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken 
authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"53\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.296000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.300000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.468Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 906, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "54", - 
"object_id": 54, - "object_repr": "Heap Inspection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"54\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.450000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"line\": [\"None\", \"8\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", 
\"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.453000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.512Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 907, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "55", - "object_id": 55, - "object_repr": "Download of Code Without Integrity Check (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"55\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.606000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.609000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.552Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 908, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "56", - "object_id": 56, - "object_repr": "Session Fixation (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"56\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", 
\"2021-11-03 16:39:31.763000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.766000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.593Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 909, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "57", - "object_id": 57, - "object_repr": "Stored XSS (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"57\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], 
\"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:31.922000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:31.925000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.641Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 910, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "58", - "object_id": 58, - "object_repr": "Empty Password In Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"58\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.098000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.100000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.685Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 911, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "59", - "object_id": 59, - "object_repr": "Hardcoded password in Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"59\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.248000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.251000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.729Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 912, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "60", - "object_id": 60, - "object_repr": "Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = 
(String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"60\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": 
[\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.401000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.403000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.771Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 913, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "61", - "object_id": 61, - "object_repr": "HttpOnlyCookies (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"61\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.558000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"line\": [\"None\", \"38\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.561000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.817Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 914, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "62", - "object_id": 62, - "object_repr": "Download of Code Without Integrity Check (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"62\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.729000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.733000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.859Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 915, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "63", - "object_id": 63, - "object_repr": "Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"63\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:32.884000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:32.888000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.900Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 916, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "64", - "object_id": 64, - "object_repr": "Empty Password In Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (home.jsp)\"], \"date\": [\"None\", 
\"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"64\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.048000\"], \"last_reviewed_by\": [\"None\", 
\"admin\"], \"hash_code\": [\"None\", \"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.051000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.941Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 917, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "65", - "object_id": 65, - "object_repr": "Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 
57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"65\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.224000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.227000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:08.984Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 918, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "66", - "object_id": 66, - "object_repr": "Improper Resource Access Authorization (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"66\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.384000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"line\": [\"None\", \"42\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.387000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.028Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 919, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "67", - "object_id": 67, - "object_repr": "Download of Code Without Integrity Check (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"67\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.543000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"line\": [\"None\", \"1\"], 
\"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.546000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.067Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 920, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "68", - "object_id": 68, - "object_repr": "Download of Code Without Integrity Check (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"68\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", 
\"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.698000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.700000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.108Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 921, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "69", - "object_id": 69, - "object_repr": "Improper Resource Access Authorization (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"69\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:33.859000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"line\": [\"None\", \"55\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:33.862000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.150Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 922, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "70", - "object_id": 70, - "object_repr": "Race Condition Format Flaw (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"70\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": 
[\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.023000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"line\": [\"None\", \"262\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.026000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.196Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 923, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "71", - "object_id": 71, - "object_repr": "Empty Password In Connection String (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"71\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.180000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.183000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.237Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 924, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "72", - "object_id": 72, - "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"72\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.358000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], 
\"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.362000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.277Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 925, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "73", - "object_id": 73, - "object_repr": "Suspected XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"73\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.519000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.522000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.319Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 926, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "74", - "object_id": 74, - "object_repr": "Use of 
Cryptographically Weak PRNG (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"74\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.678000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": 
[\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.681000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.364Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 927, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "75", - "object_id": 75, - "object_repr": "CGI Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 
375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"75\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:34.836000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:34.839000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.405Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 928, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "76", - "object_id": 76, - "object_repr": "Improper Resource Shutdown or Release (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": 
[\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 
1\\n**Column:** 3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"76\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.026000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 
16:39:35.030000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.452Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 929, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "77", - "object_id": 77, - "object_repr": "Download of Code Without Integrity Check (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"77\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": 
[\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.225000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"line\": [\"None\", \"87\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.229000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.501Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 930, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "78", - "object_id": 78, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** 
stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"78\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.386000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.392000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.542Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 931, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "79", - "object_id": 79, - "object_repr": "Blind SQL Injections (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", 
\"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) 
request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"79\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.595000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.598000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.585Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 932, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "80", - "object_id": 80, - "object_repr": "Client DOM Open Redirect (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"601\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** location\\n**Number:** 48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"80\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:39:35.766000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.769000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.633Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 933, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "81", - "object_id": 81, - "object_repr": "Hardcoded password in Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"81\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:35.923000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:35.926000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.680Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 934, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "82", - "object_id": 82, - "object_repr": "CGI Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source 
Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"82\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.095000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.098000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.721Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 935, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "83", - "object_id": 83, - "object_repr": "Use of Insufficiently Random Values (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"83\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.237000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.240000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.762Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 936, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "84", - "object_id": 84, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"84\"], 
\"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.375000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.378000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.801Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 937, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "85", - "object_id": 85, - "object_repr": "Reflected XSS All Clients (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High 
Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"85\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.521000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"line\": [\"None\", \"18\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.524000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.839Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 938, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "86", - "object_id": 86, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", 
\"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"86\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.670000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.673000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.878Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 939, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "87", - "object_id": 87, - "object_repr": 
"Information Exposure Through an Error Message (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"87\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:36.844000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:36.848000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.917Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 940, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "88", - "object_id": 88, - "object_repr": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI 
DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"88\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], 
\"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.010000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"line\": [\"None\", \"26\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.013000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:09.958Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 941, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "89", - "object_id": 89, - "object_repr": "Reliance on Cookies in a Decision (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"89\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], 
\"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.158000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.160000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.003Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 942, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "90", - "object_id": 90, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"90\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.311000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"line\": [\"None\", \"68\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.314000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.044Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 943, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "91", - "object_id": 91, - "object_repr": "CGI Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"91\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.460000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.463000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.082Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 944, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "92", - "object_id": 92, - "object_repr": "Heap Inspection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"92\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.597000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"line\": [\"None\", \"7\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.600000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.126Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 945, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "93", - "object_id": 93, - "object_repr": "Improper Resource Shutdown or Release (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"93\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], 
\"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.742000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.745000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.168Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 946, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "94", - "object_id": 94, - "object_repr": "Information Exposure Through an Error Message (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 65\\n**Column:** 357\\n**Source Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"94\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:37.887000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"line\": [\"None\", \"70\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:37.890000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.208Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 947, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "95", - "object_id": 95, - "object_repr": "Improper Resource Access Authorization (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"95\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.043000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], 
\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.046000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.248Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 948, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "96", - "object_id": 96, - "object_repr": "CGI Stored XSS (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + 
rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"96\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.203000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"line\": [\"None\", \"29\"], 
\"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.207000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.289Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 949, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "97", - "object_id": 97, - "object_repr": "Blind SQL Injections (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 
172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"97\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.359000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.363000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, 
- "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.329Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 950, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "98", - "object_id": 98, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"98\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:39:38.517000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.522000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.369Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 951, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "99", - "object_id": 99, - "object_repr": "Use of Hard coded Cryptographic Key (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"99\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.676000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.678000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.411Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 952, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "100", - "object_id": 100, - "object_repr": "Improper Resource Shutdown or Release (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"100\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:38.846000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:38.849000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.452Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 953, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "101", - "object_id": 101, - "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 
43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"101\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.003000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.006000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.494Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 954, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "102", - "object_id": 102, - "object_repr": "Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"102\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], 
\"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.161000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.163000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.538Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 955, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "103", - "object_id": 103, - "object_repr": "Information Exposure Through an Error Message (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"103\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.318000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"line\": [\"None\", \"65\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.321000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.576Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 956, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "104", - "object_id": 104, - "object_repr": "Improper Resource Access Authorization (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"104\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.488000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.492000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.623Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 957, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "105", - "object_id": 105, - "object_repr": "Improper Resource Access Authorization (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"105\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.658000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.661000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.668Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 958, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "106", - 
"object_id": 106, - "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** 
stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"106\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.818000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"line\": [\"None\", \"40\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.821000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.711Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 959, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "107", - "object_id": 107, - "object_repr": "Information Exposure Through an Error Message (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message 
(search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"107\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:39.982000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"line\": [\"None\", \"58\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:39.984000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.751Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 960, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "108", - "object_id": 108, - "object_repr": "Blind SQL Injections (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection 
flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"108\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.124000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.129000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.791Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 961, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "109", - "object_id": 109, - "object_repr": "Reliance on Cookies in a Decision (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 
356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"109\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.275000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"line\": [\"None\", \"45\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.278000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.837Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 962, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "110", - "object_id": 110, - "object_repr": "Download of Code Without Integrity Check (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"110\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.420000\"], 
\"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.878Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 963, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "111", - "object_id": 111, - "object_repr": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unsynchronized Access To Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"567\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"111\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", 
\"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.561000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"line\": [\"None\", \"93\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.564000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.918Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 964, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "112", - "object_id": 112, - "object_repr": "Empty Password In Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"112\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.700000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.703000\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.957Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 965, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "113", - "object_id": 113, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND 
password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 
111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"113\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:40.853000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:40.856000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": 
null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:10.999Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 966, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "114", - "object_id": 114, - "object_repr": "Improper Resource Access Authorization (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"114\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.011000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.014000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.042Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 967, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "115", - "object_id": 115, - "object_repr": "Session Fixation (logout.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"115\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": 
[\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.185000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"line\": [\"None\", \"3\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.188000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.081Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 968, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "116", - "object_id": 116, - "object_repr": "Hardcoded password in Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"116\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.344000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.351000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.122Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 969, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "117", - "object_id": 117, - "object_repr": "Hardcoded password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (advanced.jsp)\"], \"date\": 
[\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"117\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.528000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.531000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.162Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 970, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "118", - "object_id": 118, - "object_repr": "Improper Resource Access Authorization (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 
15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"118\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.730000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.734000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.207Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 971, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "119", - "object_id": 119, - "object_repr": "Improper Resource Access Authorization (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"119\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:41.957000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"line\": [\"None\", \"91\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:41.960000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.252Z", - "additional_data": null - } -}, -{ 
- "model": "auditlog.logentry", - "pk": 972, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "120", - "object_id": 120, - "object_repr": "Empty Password In Connection String (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"120\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.131000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.135000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.292Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 973, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "121", - "object_id": 121, - "object_repr": "Improper Resource Shutdown or Release (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"121\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.312000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.315000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.335Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 
974, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "122", - "object_id": 122, - "object_repr": "Improper Resource Shutdown or Release (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** 
conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"122\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.483000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"line\": [\"None\", \"97\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.487000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.373Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 975, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "123", - "object_id": 123, - "object_repr": "Empty Password In Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"123\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.633000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.636000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.413Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 976, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "124", - "object_id": 124, - 
"object_repr": "Information Exposure Through an Error Message (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"124\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.778000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"line\": [\"None\", \"63\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.781000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.452Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 977, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "125", - "object_id": 125, - "object_repr": "Use of Insufficiently Random Values (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"125\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:42.939000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:42.943000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.498Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 978, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "126", - "object_id": 126, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"126\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.093000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.096000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.542Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 979, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "127", - "object_id": 127, - "object_repr": "HttpOnlyCookies (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"127\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.234000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"line\": [\"None\", \"35\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.237000\"], \"status_finding\": 
[\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.581Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 980, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "128", - "object_id": 128, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"128\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": 
[\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.397000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"line\": [\"None\", \"61\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.400000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.624Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 981, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "129", - "object_id": 129, - "object_repr": "Information Exposure Through an Error Message (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + 
\\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"129\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.543000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"line\": [\"None\", \"99\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.546000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.671Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 982, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "130", - "object_id": 130, - "object_repr": "Race Condition Format Flaw (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"130\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.700000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"line\": [\"None\", \"51\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.703000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.711Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 983, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "131", - "object_id": 131, - "object_repr": "Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source 
Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"131\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:43.855000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:43.859000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.751Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 984, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "132", - "object_id": 132, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown 
or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** 
rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"132\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.034000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-03 16:39:44.037000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.791Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 985, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "133", - "object_id": 133, - "object_repr": "Heap Inspection (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"133\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.200000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.203000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.831Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 986, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "134", - "object_id": 134, - "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line 
Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"134\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": 
[\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.346000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.349000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.872Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 987, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "135", - "object_id": 135, - "object_repr": "Empty Password In Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"135\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.499000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.502000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - 
"actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.912Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 988, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "136", - "object_id": 136, - "object_repr": "Information Exposure Through an Error Message (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"136\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.647000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"line\": [\"None\", \"98\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.650000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.953Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 989, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "137", - "object_id": 137, - "object_repr": "XSRF (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"352\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 
10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery 
(CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 
399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"137\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:44.834000\"], 
\"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:44.837000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:11.994Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 990, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "138", - "object_id": 138, - "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 
1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"138\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:45.012000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:45.015000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.036Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 991, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "139", - "object_id": 139, - "object_repr": "Improper Resource Access Authorization (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"139\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", 
\"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:39:45.191000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:39:45.200000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.075Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 992, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "140", - "object_id": 140, - "object_repr": "SQL Injection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=346)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** 
\\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"140\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:17.740000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"c49c87192b6b4f17151a471fd9d1bf3b302bca08781d67806c6556fe720af1b0\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:17.743000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.116Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 993, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "141", - "object_id": 141, - "object_repr": "Download of Code Without Integrity Check (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=298)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"141\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:17.907000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a9c3269038ed8a49c4e7576b359f61a65a3bd82c163089bc20743e5a14aa0ab5\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:17.909000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.158Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 994, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "142", - "object_id": 142, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=84)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"142\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": 
[\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.078000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"418f79f7a59a306d5e46aa4af1924b64200aed234ae994dcd66485eb30bbe869\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.081000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.198Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 995, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "143", - "object_id": 143, - "object_repr": "Information Exposure Through an Error Message (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=731)\\n\\n**Line Number:** 132\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 132\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 134\\n**Column:** 13\\n**Source Object:** e\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n**Line Number:** 134\\n**Column:** 30\\n**Source Object:** printStackTrace\\n**Number:** 134\\n**Code:** e.printStackTrace(new PrintWriter(sw));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"143\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.260000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"21c80d580d9f1de55f6179e2a08e5684f46c9734d79cf701b2ff25e6776ccdfc\"], \"line\": [\"None\", \"134\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.263000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.243Z", - "additional_data": null - } -}, -{ - "model": 
"auditlog.logentry", - "pk": 996, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "144", - "object_id": 144, - "object_repr": "Improper Resource Shutdown or Release (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=507)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=508)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=509)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=510)\\n\\n**Line Number:** 1\\n**Column:** 688\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
1608\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 13\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT COUNT (*) FROM Products\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n**Line Number:** 25\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"144\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.421000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fffd29bd0973269ddbbed2e210926c04d42cb12037117261626b95bd52bcff27\"], \"line\": [\"None\", \"25\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.424000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.282Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 997, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "145", - "object_id": 145, - "object_repr": "Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=332)\\n\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** 
basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"145\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.608000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3406086ac5988ee8b55f70c618daf86c21702bb3c4c00e4607e5c21c2e3d3828\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.610000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.323Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 998, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "146", - "object_id": 146, - "object_repr": "HttpOnlyCookies (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site 
scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=61)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=62)\\n\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"146\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.782000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24e74e8be8b222cf0b17c034d03c5b43a130c2b960095eb44c55f470e50f6924\"], \"line\": [\"None\", \"46\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": 
[\"None\", \"2021-11-03 16:41:18.786000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.357Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 999, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "147", - "object_id": 147, - "object_repr": "CGI Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=737)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** 
out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"147\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:18.953000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a91b30b026cda759c2608e1c8216cdd13e265c030b8c47f4690cd2182e4ad166\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:18.956000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.394Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1000, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "148", - "object_id": 148, - "object_repr": "Hardcoded password in Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI 
DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=806)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=807)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 725\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"148\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.120000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"bfd9b74841c8d988d57c99353742f1e3180934ca6be2149a3fb7377329b57b33\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.123000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.434Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1001, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "149", - "object_id": 149, - "object_repr": "Client Insecure Randomness (encryption.js)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Insecure Randomness (encryption.js)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=68)\\n\\n**Line Number:** 127\\n**Column:** 28\\n**Source Object:** random\\n**Number:** 127\\n**Code:** var h = Math.floor(Math.random() * 65535);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"149\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": 
[\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.295000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9b003338465e31c37f36b2a2d9b01bf9003d1d2631e2c409b3d19d02c93a20b6\"], \"line\": [\"None\", \"127\"], \"file_path\": [\"None\", \"/root/js/encryption.js\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.298000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.474Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1002, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "150", - "object_id": 150, - "object_repr": "SQL Injection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=344)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 
2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=345)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! 
password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"150\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.467000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"684ee38b55ea509e6c2be4a58ec52ba5d7e0c1952e09f8c8ca2bf0675650bd8f\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.470000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.516Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1003, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "151", - "object_id": 151, - "object_repr": "Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - 
"changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=377)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=378)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=379)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=380)\\n\\n**Line Number:** 
242\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"
\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"151\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.621000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"99fb15b31049df2445ac3fd8729cbccbc6a19e4e410c3eb0ef95908c00b78fd7\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.625000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.558Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1004, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "152", - "object_id": 152, - "object_repr": "CGI Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], 
\"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=750)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=751)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=752)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = 
rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"152\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.789000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"541eb71776b2d297f9aa790c52297b4f7d26acb0bce7de33bda136fdefe43cb7\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.792000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.599Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1005, - 
"fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "153", - "object_id": 153, - "object_repr": "Not Using a Random IV with CBC Mode (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Not Using a Random IV with CBC Mode (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"329\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=1)\\n\\n**Line Number:** 96\\n**Column:** 71\\n**Source Object:** ivBytes\\n**Number:** 96\\n**Code:** cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(ivBytes));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"153\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:19.978000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e5ac755dbe3bfd23995c8d5a99779d188440c9e573d79b44130d90468d41439c\"], \"line\": [\"None\", \"96\"], 
\"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:19.980000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.643Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1006, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "154", - "object_id": 154, - "object_repr": "Collapse of Data into Unsafe Value (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Collapse of Data into Unsafe Value (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"182\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=4)\\n\\n**Line Number:** 19\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 
379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"154\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.129000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"da32068a6442ce061d43625863d27f5e6346929f2b1d15b750df9d7b4bdb3597\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.132000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.685Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1007, - "fields": { - "content_type": [ - 
"dojo", - "test_import" - ], - "object_pk": "155", - "object_id": 155, - "object_repr": "Stored Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"646\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Stored\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=72)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": 
[\"None\", \"155\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.279000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b0de3516ab323f5577e6ad94803e2ddf541214bbae868bf34e828ba3a4d966ca\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.281000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.726Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1008, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "156", - "object_id": 156, - "object_repr": "Hardcoded password in Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and 
Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=798)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=799)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 722\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"156\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.420000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"13ceb3acfb49f194493bfb0af44f5f886a9767aa1c6990c8a397af756d97209c\"], \"line\": [\"None\", \"1\"], \"file_path\": 
[\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.766Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1009, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "157", - "object_id": 157, - "object_repr": "Blind SQL Injections (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=421)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=422)\\n\\n**Line Number:** 10\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 
10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"157\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.567000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8d7b5f3962f521cd5c2dc40e4ef9a7cc10cfc30efb90f4b5841e8e5463656c61\"], \"line\": [\"None\", \"24\"], \"file_path\": 
[\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.570000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.805Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1010, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "158", - "object_id": 158, - "object_repr": "Heap Inspection (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=115)\\n\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"158\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.710000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2237f06cb695ec1da91d51cab9fb037d8a9e84f1aa9ddbfeef59eef1a65af47e\"], \"line\": [\"None\", \"10\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.712000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.844Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1011, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "159", - "object_id": 159, - "object_repr": "Use of Cryptographically Weak PRNG (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=15)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, 
ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"159\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:20.879000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"05880cd0576bed75819cae74abce873fdcce5f857ec95d937a458b0ca0a49195\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:20.882000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.884Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1012, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "160", - "object_id": 160, - "object_repr": "Trust Boundary Violation (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Trust Boundary Violation (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"501\"], \"url\": [\"None\", 
\"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=815)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** 
session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"160\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.025000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9ec4ce27f48767b96297ef3cb8eabba1814ea08a02801692a669540c5a7ce019\"], \"line\": [\"None\", \"22\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.029000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.924Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1013, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "161", - "object_id": 161, - "object_repr": "Information Exposure Through an Error Message (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", 
\"Information Exposure Through an Error Message (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=703)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=704)\\n\\n**Line Number:** 52\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 52\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 53\\n**Column:** 387\\n**Source Object:** e\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n**Line Number:** 53\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 53\\n**Code:** out.println(\\\"System error.
\\\" + e);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"161\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.182000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fc95b0887dc03b9f29f45b95aeb41e7f681dc28388279d7e11c233d3b5235c00\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.185000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.935Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1014, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "162", - "object_id": 162, - "object_repr": "Reliance on Cookies in a Decision (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=31)\\n\\n**Line Number:** 38\\n**Column:** 388\\n**Source Object:** getCookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 41\\n**Column:** 373\\n**Source Object:** cookies\\n**Number:** 41\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 42\\n**Column:** 392\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 42\\n**Column:** 357\\n**Source Object:** cookie\\n**Number:** 42\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 43\\n**Column:** 365\\n**Source Object:** cookie\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 
240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 280\\n**Column:** 356\\n**Source Object:** stmt\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n**Line Number:** 280\\n**Column:** 361\\n**Source Object:** !=\\n**Number:** 280\\n**Code:** if (stmt != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"162\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.341000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bae03653ab0823182626d77d8ba94f2fab26eccdde7bcb11ddd0fb8dee79d717\"], \"line\": [\"None\", \"280\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.344000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:12.977Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1015, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "163", - "object_id": 163, - "object_repr": 
"Empty Password In Connection String (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=104)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=105)\\n\\n**Line Number:** 1\\n**Column:** 755\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"163\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", 
\"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.504000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ae4e2ef51220be9b4ca71ee34ae9d174d093e6dd2da41951bc4ad2139a4dad3f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.506000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.016Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1016, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "164", - "object_id": 164, - "object_repr": "Improper Resource Access Authorization (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=239)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken 
Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=240)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=241)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=242)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=243)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=244)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=245)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=246)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=247)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=248)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=249)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=250)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=251)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=252)\\n\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"164\"], \"references\": [\"None\", \"\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.656000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c69d0a9ead39b5990a429c6ed185050ffadfda672b020ac6e7322ef02e72563a\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.659000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.055Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1017, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "165", - "object_id": 165, - "object_repr": "Client Cross Frame Scripting Attack (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client Cross Frame Scripting Attack (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** JavaScript\\n**Group:** JavaScript Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=81)\\n\\n**Line Number:** 1\\n**Column:** 1\\n**Source Object:** CxJSNS_1557034993\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"165\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.810000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"51b52607f2a5915cd128ba4e24ce8e22ba019757f074a0ebc27c33d91a55378b\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.813000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.098Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1018, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "166", - "object_id": 166, - "object_repr": "Hardcoded password in Connection String (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=803)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=804)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=805)\\n\\n**Line Number:** 1\\n**Column:** 737\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 707\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", 
\"N/A\"], \"id\": [\"None\", \"166\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:21.951000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d947020e418c747ee99a0accd491030f65895189aefea2a96a390b3e843a9905\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:21.955000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.139Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1019, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "167", - "object_id": 167, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=65)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"167\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.103000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b29d81fdf7a5477a7badd1a47406a27deb12b90d0b3db17f567344d1ec24e65c\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.106000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.180Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1020, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "168", - "object_id": 168, - "object_repr": "Improper Resource Shutdown or Release (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=448)\\n\\n**Line Number:** 40\\n**Column:** 13\\n**Source Object:** connection\\n**Number:** 40\\n**Code:** this.connection = conn;\\n-----\\n**Line Number:** 43\\n**Column:** 31\\n**Source Object:** getParameters\\n**Number:** 43\\n**Code:** this.getParameters();\\n-----\\n**Line Number:** 44\\n**Column:** 28\\n**Source Object:** setResults\\n**Number:** 44\\n**Code:** this.setResults();\\n-----\\n**Line Number:** 188\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 188\\n**Code:** this.output = (this.isAjax()) ? this.jsonPrequal : this.htmlPrequal;\\n-----\\n**Line Number:** 198\\n**Column:** 61\\n**Source Object:** isAjax\\n**Number:** 198\\n**Code:** this.output = this.output.concat(this.isAjax() ? result.getJSON().concat(\\\", \\\") : result.getTrHTML());\\n-----\\n**Line Number:** 201\\n**Column:** 39\\n**Source Object:** isAjax\\n**Number:** 201\\n**Code:** this.output = (this.isAjax()) ? 
this.output.substring(0, this.output.length() - 2).concat(this.jsonPostqual)\\n-----\\n**Line Number:** 45\\n**Column:** 27\\n**Source Object:** setScores\\n**Number:** 45\\n**Code:** this.setScores();\\n-----\\n**Line Number:** 129\\n**Column:** 28\\n**Source Object:** isDebug\\n**Number:** 129\\n**Code:** if(this.isDebug()){\\n-----\\n**Line Number:** 130\\n**Column:** 21\\n**Source Object:** connection\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 48\\n**Source Object:** createStatement\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 130\\n**Column:** 58\\n**Source Object:** execute\\n**Number:** 130\\n**Code:** this.connection.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"168\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.252000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"514c8fbd9da03f03f770c9e0ca12d8bb20db50f3a836b4d50f16e0d75b0cca08\"], \"line\": [\"None\", \"130\"], \"file_path\": [\"None\", 
\"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.255000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.223Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1021, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "169", - "object_id": 169, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=446)\\n\\n**Line Number:** 56\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 56\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"169\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.404000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0441fee04d6e24c168f5b4b567cc31174f464330f27638f83f80ee87d0d3dc03\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.407000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.263Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1022, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "170", - "object_id": 170, - "object_repr": "CGI Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=736)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** 
getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"170\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.558000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7be257602d73f6146bbd1c6c4ab4970db0867933a1d2e87675770529b841d800\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.561000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.303Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1023, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "171", - "object_id": 171, - "object_repr": "Suspected XSS (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=318)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=319)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=320)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=321)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=322)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=323)\\n\\n**Line Number:** 57\\n**Column:** 360\\n**Source Object:** username\\n**Number:** 57\\n**Code:** <%=username%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"171\"], \"references\": [\"None\", 
\"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.703000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ff922242dd15286d81f09888a33ad571eca598b615bf4d4b9024af17df42bc17\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.706000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.343Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1024, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "172", - "object_id": 172, - "object_repr": "Hardcoded password in Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=794)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=795)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 704\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"172\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:22.855000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"964aeee36e5998da77d3229f43830d362838d860d9e30c415fb58e9686a49625\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], 
\"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:22.858000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.383Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1025, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "173", - "object_id": 173, - "object_repr": "Hardcoded password in Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=796)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=797)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" 
%>\\n-----\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"173\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.007000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e57ed13a66f4041fa377af4db5110a50a8f4a67e0c7c2b3e955e4118844a2904\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.010000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.424Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1026, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "174", - "object_id": 174, - "object_repr": "Empty Password In Connection String (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], 
\"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=106)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=107)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"174\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.177000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8fc3621137e4dd32d75801ac6948909b20f671d21ed9dfe89d0e2f49a2554653\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.181000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.467Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1027, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "175", - "object_id": 175, - "object_repr": "Download of Code Without Integrity Check (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=294)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=295)\\n\\n**Line Number:** 1\\n**Column:** 640\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"175\"], \"references\": [\"None\", \"\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.337000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3988a18fe8f515ab1f92c649f43f20d33e8e8692d00a9dc80f2863342b522698\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.341000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.507Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1028, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "176", - "object_id": 176, - "object_repr": "Information Exposure Through an Error Message (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=715)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=716)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=717)\\n\\n**Line Number:** 39\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 39\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 41\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 41\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 41\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"176\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.502000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfc58944e3181521dc3a9ec917dcb54d7a54ebbf3f0e8aaca7fec60a05485c63\"], \"line\": [\"None\", \"41\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.504000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.546Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1029, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "177", - "object_id": 177, - "object_repr": "SQL Injection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly 
SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=340)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=341)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=342)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=343)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 
8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"177\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.658000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9878411e3b89bc832e58fa15e46d19e2e607309d3df9f152114d5ff62f95f0ce\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.661000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.597Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1030, - "fields": { - "content_type": [ - "dojo", - "test_import" - 
], - "object_pk": "178", - "object_id": 178, - "object_repr": "Empty Password In Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=88)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=89)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"178\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": 
[\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:23.823000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"35055620006745673ffba1cb3c1e8c09a9fd59f6438e6d45fbbb222a10968120\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:23.827000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.640Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1031, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "179", - "object_id": 179, - "object_repr": "CGI Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=771)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting 
(XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=772)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=773)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=774)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=775)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=776)\\n\\n**Line Number:** 
14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"179\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.014000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"60fff62e2e1d2383da91886a96d64905e184a3044037dc2595c3ccf28faacd6c\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-03 16:41:24.020000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.682Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1032, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "180", - "object_id": 180, - "object_repr": "Plaintext Storage in a Cookie (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Plaintext Storage in a Cookie (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"315\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=7)\\n\\n**Line Number:** 82\\n**Column:** 364\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 82\\n**Column:** 353\\n**Source Object:** basketId\\n**Number:** 82\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 84\\n**Column:** 391\\n**Source Object:** basketId\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"180\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], 
\"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.186000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c81c73f4bd1bb970a016bd7e5f1979af8d05eac71f387b2da9bd4affcaf13f81\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.189000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.723Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1033, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "181", - "object_id": 181, - "object_repr": "Information Exposure Through an Error Message (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=708)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=709)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=710)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=711)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=712)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=713)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=714)\\n\\n**Line Number:** 72\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 72\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 75\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 75\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 75\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"181\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.348000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1e74e0c4e0572c6bb5aaee26176b8a40ce024325bbffea1ddbb120bab9d9542c\"], \"line\": [\"None\", \"75\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.352000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.761Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1034, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "182", - "object_id": 182, - "object_repr": "Hardcoded password in Connection String (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=792)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=793)\\n\\n**Line Number:** 1\\n**Column:** 792\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 762\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"182\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.527000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"4568d7e34ac50ab291c955c8acb368e5abe73de05bd3080e2efc7b00f329600f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.532000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.802Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1035, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "183", - "object_id": 183, - "object_repr": "Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=375)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=376)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = 
stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"183\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.689000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1f91fef184e69387463ce9719fe9756145e16e76d39609aa5fa3e0eaa1274d05\"], 
\"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.692000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.869Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1036, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "184", - "object_id": 184, - "object_repr": "Download of Code Without Integrity Check (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=285)\\n\\n**Line Number:** 1\\n**Column:** 621\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"184\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:24.885000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"75a93a572c186be5fe7f5221a64306b5b35dddf605b5e231ffc74442bd3728a4\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:24.888000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.908Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1037, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "185", - "object_id": 185, - "object_repr": "Empty Password In Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=98)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken 
authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=99)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"185\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.058000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afd07fc450ae8609c93797c8fd893028f7d8a9841999facd0a08236696c05841\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.063000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.948Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1038, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "186", - 
"object_id": 186, - "object_repr": "Heap Inspection (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=114)\\n\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"186\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.238000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78439e5edd436844bb6dc527f6effe0836b88b0fb946747b7f957da95b479fc2\"], \"line\": [\"None\", \"8\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", 
\"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.242000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:13.990Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1039, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "187", - "object_id": 187, - "object_repr": "Download of Code Without Integrity Check (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=302)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=303)\\n\\n**Line Number:** 1\\n**Column:** 643\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"187\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.420000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"92b54561d5d262a88920162ba7bf19fc0444975582be837047cab5d79c992447\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.030Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1040, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "188", - "object_id": 188, - "object_repr": "Session Fixation (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=55)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=56)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=57)\\n\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** setAttribute\\n**Number:** 48\\n**Code:** this.session.setAttribute(\\\"key\\\", this.encryptKey);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"188\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:41:25.574000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f24533b1fc628061c2037eb55ffe66aed6bfa2436fadaf6e424e4905ed238e21\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.577000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.068Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1041, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "189", - "object_id": 189, - "object_repr": "Stored XSS (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=414)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=415)\\n\\n**Line Number:** 34\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 34\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 38\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 38\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 42\\n**Column:** 398\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 42\\n**Column:** 410\\n**Source Object:** getString\\n**Number:** 42\\n**Code:** \\\"\\\" + rs.getString(\\\"PRICE\\\") + \\\"\\\\n\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 392\\n**Source Object:** concat\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 39\\n**Column:** 370\\n**Source Object:** output\\n**Number:** 39\\n**Code:** output = output.concat(\\\"\\\" + rs.getString(\\\"PRODUCT\\\") +\\n-----\\n**Line Number:** 49\\n**Column:** 355\\n**Source Object:** output\\n**Number:** 49\\n**Code:** <%= output %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"189\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], 
\"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.736000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"38321299050d31a3b8168316e30316d786236785a9c31427fb6f2631d3065a7c\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.739000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.112Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1042, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "190", - "object_id": 190, - "object_repr": "Empty Password In Connection String (dbconnection.jspf)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (dbconnection.jspf)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=94)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=95)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"190\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:25.915000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"24cd9b35200f9ca729fcccb8348baccd2ddfeee2f22177fd40e46931f8547659\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/dbconnection.jspf\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:25.919000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.151Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1043, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "191", - "object_id": 191, - "object_repr": "Hardcoded password in Connection String (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=800)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=801)\\n\\n**Line Number:** 1\\n**Column:** 2649\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2619\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"191\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.083000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"148a501a59e0d04eb52b5cd58b4d654b4a7883e8ad09dcd5801e775113a1000d\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.086000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.191Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1044, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "192", - "object_id": 192, - "object_repr": "Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=330)\\n\\n**Line Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String 
comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"192\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": 
[\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.242000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"55040c9344c964843ff56e19ff1ef4892c9f93234a7a39578c81ed903dd03e08\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.245000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.231Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1045, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "193", - "object_id": 193, - "object_repr": "HttpOnlyCookies (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=58)\\n\\n**Line Number:** 38\\n**Column:** 360\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"193\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.411000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"06cd6507296edca41e97d652a873c31230bf98fa8bdeab477fedb680ff606932\"], \"line\": [\"None\", \"38\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.415000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.274Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1046, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "194", - "object_id": 194, - "object_repr": "Download of Code Without Integrity Check (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=304)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=305)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"194\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.579000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"62f3875efdcf326015adee1ecd85c4ecdca5bc9c4719e5c9177dff8b0afffa1f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", 
\"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.583000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.314Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1047, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "195", - "object_id": 195, - "object_repr": "Stored XSS (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=383)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=384)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=385)\\n\\n**Line Number:** 25\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 25\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 25\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 26\\n**Column:** 357\\n**Source Object:** rs\\n**Number:** 26\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 28\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 28\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 380\\n**Source Object:** getString\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 361\\n**Source Object:** type\\n**Number:** 29\\n**Code:** String type = rs.getString(\\\"type\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 384\\n**Source Object:** type\\n**Number:** 32\\n**Code:** product + \\\"
\\\" + type + \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 31\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"195\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.790000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0007a2df1ab7dc00f2144451d894f513c7d872e1153a0759982a8c866001cc02\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.795000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.354Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1048, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "196", - "object_id": 196, - "object_repr": "Empty Password In Connection String (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (home.jsp)\"], \"date\": [\"None\", 
\"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=96)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=97)\\n\\n**Line Number:** 1\\n**Column:** 752\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"196\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:26.983000\"], \"last_reviewed_by\": [\"None\", 
\"admin\"], \"hash_code\": [\"None\", \"7dba1c0820d0f6017ca3333f7f9a8865a862604c4b13a1eed04666c6e364fa36\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:26.988000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.393Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1049, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "197", - "object_id": 197, - "object_repr": "Reflected XSS All Clients (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=334)\\n\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 57\\n**Column:** 405\\n**Source Object:** basketId\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line 
Number:** 57\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 57\\n**Code:** debug += \\\" userId = \\\" + userid + \\\" basketId = \\\" + basketId;\\n-----\\n**Line Number:** 96\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 96\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 96\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"197\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.187000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"95568708fa568cc74c7ef8279b87869ebc932305da1878dbb1b7597c75a57bc1\"], \"line\": [\"None\", \"96\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.191000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.432Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1050, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "198", - "object_id": 198, - "object_repr": "Improper Resource Access Authorization (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=253)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=254)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=255)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=256)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"198\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.369000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b037e71624f50f74cfbd0f0cd561daa1e87b1ac3690b19b1d3fe3c36ef452628\"], \"line\": [\"None\", \"42\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.375000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.475Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1051, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "199", - "object_id": 199, - "object_repr": "Download of Code Without Integrity Check (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=299)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=300)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=301)\\n\\n**Line Number:** 1\\n**Column:** 625\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"199\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.558000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"945eb840563ed9b29b08ff0838d391e775d2e45f26817ad0b321b41e608564cf\"], \"line\": [\"None\", \"1\"], 
\"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.562000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.516Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1052, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "200", - "object_id": 200, - "object_repr": "Download of Code Without Integrity Check (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=306)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=307)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"200\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", 
\"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.764000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e270eb7494286a67571f0d33112e997365a0de45a119ef8199d270c32d806ab\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.766000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.561Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1053, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "201", - "object_id": 201, - "object_repr": "Improper Resource Access Authorization (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=125)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=126)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=127)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=128)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=129)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=130)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=131)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=132)\\n\\n**Line Number:** 55\\n**Column:** 385\\n**Source Object:** executeQuery\\n**Number:** 55\\n**Code:** ResultSet rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE basketid = \\\" + basketId);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"201\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], 
\"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:27.957000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"76a4b74903cac92c02f0d0c7eca32f417f6ce4a3fb04f16eff17cfc0e8f8df7f\"], \"line\": [\"None\", \"55\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:27.960000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.606Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1054, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "202", - "object_id": 202, - "object_repr": "Race Condition Format Flaw (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=75)\\n\\n**Line Number:** 262\\n**Column:** 399\\n**Source Object:** format\\n**Number:** 262\\n**Code:** out.println(\\\"\\\" + nf.format(pricetopay) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"202\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], 
\"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.132000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3db6ca06969817d45acccd02c0ba65067c1e11e9d4d7c34c7301612e63b2f75a\"], \"line\": [\"None\", \"262\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.135000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.655Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1055, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "203", - "object_id": 203, - "object_repr": "Empty Password In Connection String (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=86)\\n\\n**Line Number:** 89\\n**Column:** 1\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 89\\n**Code:** c = DriverManager.getConnection(\\\"jdbc:hsqldb:mem:SQL\\\", \\\"sa\\\", \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"203\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.331000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"66ad49b768c1dcb417d1047d6a3e134473f45969fdc41c529a37088dec29804e\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.335000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.697Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1056, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "204", - "object_id": 204, - "object_repr": "Improper Resource Access Authorization (FunctionalZAP.java)", - "serialized_data": null, - 
"action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (FunctionalZAP.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=282)\\n\\n**Line Number:** 31\\n**Column:** 37\\n**Source Object:** getProperty\\n**Number:** 31\\n**Code:** String target = System.getProperty(\\\"zap.targetApp\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"204\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.524000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"174ea52e3d43e0e3089705762ecd259a74bdb4c592473a8c4615c8d37e840725\"], \"line\": [\"None\", \"31\"], \"file_path\": [\"None\", 
\"/src/com/thebodgeitstore/selenium/tests/FunctionalZAP.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.528000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.738Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1057, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "205", - "object_id": 205, - "object_repr": "Suspected XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Suspected XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=314)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=315)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=316)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=317)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** username\\n**Number:** 7\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 89\\n**Column:** 356\\n**Source Object:** username\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"205\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.696000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cecce89612fa88ff6270b822a8840911536f983c5ab580f5e7df0ec93a95884a\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.704000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.777Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1058, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "206", - "object_id": 206, - "object_repr": "Use of 
Cryptographically Weak PRNG (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=16)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"206\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:28.911000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"afa0b4d8453f20629d5863f0cb1b8d4e31bf2e8c4476db973a78731ffcf08bd2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": 
[\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:28.925000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.817Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1059, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "207", - "object_id": 207, - "object_repr": "CGI Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=754)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=755)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=756)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=757)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=758)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=759)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=760)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** 
Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=761)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=762)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=763)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=764)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=765)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 
2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=766)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=767)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=768)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=769)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=770)\\n\\n**Line Number:** 42\\n**Column:** 
375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"
\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"207\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.151000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1aec22aeffa8b6201ad60b0a0d2b166ddbaefca6ab534bbc4d2a827bc02f5c20\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.157000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.857Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1060, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "208", - "object_id": 208, - "object_repr": "Improper Resource Shutdown or Release (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": 
[\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=511)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=512)\\n\\n**Line Number:** 1\\n**Column:** 2588\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2872\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 2975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3278\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3375\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3473\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3575\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3673\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 
1\\n**Column:** 3769\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3866\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 3972\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4357\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4511\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4668\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4823\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 4975\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5127\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5279\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5431\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5583\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5733\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 5883\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6033\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6183\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6333\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6483\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6633\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6783\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 6940\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7096\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7257\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7580\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7730\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 7880\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8029\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8179\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 
8340\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8495\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8656\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8813\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 8966\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9121\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9272\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9653\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9814\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 9976\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10140\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10419\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10506\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10846\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 10986\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page 
import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11126\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11266\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11407\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11761\\n**Source Object:** c\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11779\\n**Source Object:** prepareStatement\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 11899\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"208\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.349000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2a7f9ff0b80ef53370128384650fe897d773383109c7d171159cbfbc232476e2\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 
16:41:29.353000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.898Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1061, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "209", - "object_id": 209, - "object_repr": "Download of Code Without Integrity Check (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=284)\\n\\n**Line Number:** 87\\n**Column:** 10\\n**Source Object:** forName\\n**Number:** 87\\n**Code:** Class.forName(\\\"org.hsqldb.jdbcDriver\\\" );\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"209\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": 
[\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.526000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"bef5f29fc5d5f44cef3dd5db1aaeeb5f2e5d7480a197045e6d176f0ab26b5fa2\"], \"line\": [\"None\", \"87\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.529000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.939Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1062, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "210", - "object_id": 210, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=457)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=458)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** 
New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=459)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=460)\\n\\n**Line Number:** 1\\n**Column:** 728\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1648\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n**Line Number:** 53\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 53\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 240\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 240\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n**Line Number:** 242\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 274\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 274\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 274\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 274\\n**Code:** 
stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"210\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.687000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.690000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:14.980Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1063, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "211", - "object_id": 211, - "object_repr": "Blind SQL Injections (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": 
[\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=417)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=418)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=419)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=420)\\n\\n**Line Number:** 8\\n**Column:** 398\\n**Source Object:** \\\"\\\"password\\\"\\\"\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 8\\n**Code:** String password = (String) 
request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 8\\n**Column:** 357\\n**Source Object:** password\\n**Number:** 8\\n**Code:** String password = (String) request.getParameter(\\\"password\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 449\\n**Source Object:** password\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"211\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:29.892000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2de5b8ed091eaaf750260b056239152b81363c790977699374b03d93e1d28551\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:29.896000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.021Z", - 
"additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1064, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "212", - "object_id": 212, - "object_repr": "Client DOM Open Redirect (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Client DOM Open Redirect (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"601\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A10-Unvalidated Redirects and Forwards\\n**Language:** JavaScript\\n**Group:** JavaScript Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=66)\\n\\n**Line Number:** 48\\n**Column:** 63\\n**Source Object:** href\\n**Number:** 48\\n**Code:** New Search\\n-----\\n**Line Number:** 48\\n**Column:** 38\\n**Source Object:** location\\n**Number:** 48\\n**Code:** New Search\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"212\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:41:30.058000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"3173d904f9ac1a4779a3b5fd52f271e6a7871d6cb5387d2ced15025a4a15db93\"], \"line\": [\"None\", \"48\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.061000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.061Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1065, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "213", - "object_id": 213, - "object_repr": "Hardcoded password in Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=812)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=813)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"213\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.215000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"775723c89fdaed1cc6b85ecc489c028159d261e95e7ad4ad80d03ddd63bc99ea\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.218000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.209Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1066, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "214", - "object_id": 214, - "object_repr": "CGI Stored XSS (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=744)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=745)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=746)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=747)\\n\\n**Line Number:** 242\\n**Column:** 374\\n**Source 
Object:** executeQuery\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 242\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 242\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 248\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 248\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 250\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 382\\n**Source Object:** getString\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 250\\n**Column:** 360\\n**Source Object:** product\\n**Number:** 250\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 436\\n**Source Object:** product\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n**Line Number:** 257\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 257\\n**Code:** out.println(\\\"\\\" + product + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"214\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.364000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"9e3aa3082f7d93e52f9bfe97630e9fd6f6c04c5791dd22505ab238d1a6bf9242\"], \"line\": [\"None\", \"257\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.367000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.253Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1067, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "215", - "object_id": 215, - "object_repr": "Use of Insufficiently Random Values (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=24)\\n\\n**Line Number:** 1\\n**Column:** 599\\n**Source Object:** random\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"215\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.560000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2fe1558daec12a621f0504714bee44be8d382a57c7cdda160ddad8a2e8b8ca48\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.564000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.294Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1068, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "216", - "object_id": 216, - "object_repr": "Missing X Frame Options (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Missing X Frame Options (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"829\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=83)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"216\"], 
\"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.719000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5fb0f064b2f7098c57e1115b391bf7a6eb57feae63c2848b916a5b79dccf66f3\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.722000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.336Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1069, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "217", - "object_id": 217, - "object_repr": "Reflected XSS All Clients (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High 
Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=331)\\n\\n**Line Number:** 10\\n**Column:** 395\\n**Source Object:** \\\"\\\"q\\\"\\\"\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 394\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** query\\n**Number:** 10\\n**Code:** String query = (String) request.getParameter(\\\"q\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 362\\n**Source Object:** query\\n**Number:** 13\\n**Code:** if (query.replaceAll(\\\"\\\\\\\\s\\\", \\\"\\\").toLowerCase().indexOf(\\\"\\\") >= 0) {\\n-----\\n**Line Number:** 18\\n**Column:** 380\\n**Source Object:** query\\n**Number:** 18\\n**Code:** You searched for: <%= query %>

\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"217\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:30.883000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"86efaa45244686266a1c4f1aef52d60ce791dd4cb64feebe5b214db5838b8e06\"], \"line\": [\"None\", \"18\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:30.886000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.380Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1070, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "218", - "object_id": 218, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": 
[\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=445)\\n\\n**Line Number:** 84\\n**Column:** 372\\n**Source Object:** Cookie\\n**Number:** 84\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", basketId));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"218\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.052000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7d988ddc1b32f65ada9bd17516943b28e33458ea570ce92843bdb49e7a7e22fb\"], \"line\": [\"None\", \"84\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.055000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.420Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1071, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "219", - "object_id": 219, - 
"object_repr": "Information Exposure Through an Error Message (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=725)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=726)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=727)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=728)\\n\\n**Line Number:** 35\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 35\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 37\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"219\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.208000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c24c0fc04774515bc6dc38386250282055e0585ae71b405586b552ca04b31c9\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.211000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.469Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1072, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "220", - "object_id": 220, - "object_repr": "Use of Hard coded Cryptographic Key (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** 
PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=778)\\n\\n**Line Number:** 47\\n**Column:** 70\\n**Source Object:** 0\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 69\\n**Source Object:** substring\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 47\\n**Column:** 17\\n**Source Object:** encryptKey\\n**Number:** 47\\n**Code:** this.encryptKey = UUID.randomUUID().toString().substring(0, 16);\\n-----\\n**Line Number:** 17\\n**Column:** 374\\n**Source Object:** AdvancedSearch\\n**Number:** 17\\n**Code:** AdvancedSearch as = new AdvancedSearch(request, session, conn);\\n-----\\n**Line Number:** 18\\n**Column:** 357\\n**Source Object:** as\\n**Number:** 18\\n**Code:** if(as.isAjax()){\\n-----\\n**Line Number:** 26\\n**Column:** 20\\n**Source Object:** encryptKey\\n**Number:** 26\\n**Code:** private String encryptKey = null;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"220\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], 
\"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.415000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d68d7152bc4b3f069aa236ff41cab28da77d7e668b77cb4de10ae8bf7a2e85be\"], \"line\": [\"None\", \"26\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.421000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.511Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1073, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "221", - "object_id": 221, - "object_repr": "Reliance on Cookies in a Decision (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=43)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=44)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low 
Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=45)\\n\\n**Line Number:** 46\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 46\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 46\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 49\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 49\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 50\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 50\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 50\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 51\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 51\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 51\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 56\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 56\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 56\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"221\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": 
[\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.589000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"84c57ed3e3723016b9425c8549bd0faab967538a59e072c2dc5c85974a72bf41\"], \"line\": [\"None\", \"56\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.593000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.551Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1074, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "222", - "object_id": 222, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=381)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=382)\\n\\n**Line Number:** 63\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 63\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 63\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 66\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 66\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 68\\n**Column:** 411\\n**Source Object:** rs\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 423\\n**Source Object:** getString\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n**Line Number:** 68\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 68\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"name\\\") + \\\"\\\" + rs.getString(\\\"comment\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"222\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:31.833000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2dc7787335253be93ebb64d3ad632116363f3a5821c070db4cc28c18a0eee09e\"], \"line\": [\"None\", \"68\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:31.837000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.594Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1075, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "223", - "object_id": 223, - "object_repr": "CGI Stored XSS (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=742)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=743)\\n\\n**Line Number:** 16\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 16\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 19\\n**Column:** 359\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 22\\n**Column:** 406\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 369\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 381\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** \\\"\\\" + rs.getString(\\\"type\\\") + \\\"\\\" + rs.getInt(\\\"currentbasketid\\\") + \\\"\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 21\\n**Code:** out.println(\\\"\\\" + rs.getInt(\\\"userid\\\") + \\\"\\\" + rs.getString(\\\"name\\\") +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"223\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", 
\"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.027000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"45fe7a9d8b946b2cbc6aaf8b5e36608cc629e5f388f91433664d3c2f19a29991\"], \"line\": [\"None\", \"21\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.031000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.640Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1076, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "224", - "object_id": 224, - "object_repr": "Heap Inspection (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=116)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=117)\\n\\n**Line Number:** 7\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"224\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.200000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6e5f6914b0e963152cff1f6b9fe1c39a2f177979e6885bdbac5bd88f1d40d8cd\"], \"line\": [\"None\", \"7\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.203000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.682Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1077, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "225", - "object_id": 225, - "object_repr": "Improper Resource Shutdown or Release (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=587)\\n\\n**Line Number:** 1\\n**Column:** 721\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 1641\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n**Line Number:** 20\\n**Column:** 371\\n**Source Object:** conn\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 391\\n**Source Object:** createStatement\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 20\\n**Column:** 364\\n**Source Object:** stmt\\n**Number:** 20\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 34\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 34\\n**Code:** rs = stmt.executeQuery(sql);\\n-----\\n**Line Number:** 57\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 57\\n**Code:** stmt.execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"225\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", 
\"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.375000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"763571cd8b09d88baae5cc8bc9d755e2401e204c335894933401186d14be3992\"], \"line\": [\"None\", \"57\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.378000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.722Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1078, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "226", - "object_id": 226, - "object_repr": "Information Exposure Through an Error Message (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=724)\\n\\n**Line Number:** 64\\n**Column:** 374\\n**Source Object:** e\\n**Number:** 64\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 65\\n**Column:** 357\\n**Source Object:** e\\n**Number:** 65\\n**Code:** if (e.getMessage().indexOf(\\\"Unique constraint violation\\\") >= 0) {\\n-----\\n**Line Number:** 70\\n**Column:** 392\\n**Source Object:** e\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 70\\n**Column:** 366\\n**Source Object:** println\\n**Number:** 70\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"226\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.557000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"508298807b8bd2787b58a49d31bd3f056293c7656e8936eb2e478b3636fa5e19\"], \"line\": [\"None\", \"70\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.560000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.764Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1079, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "227", - "object_id": 227, - "object_repr": "Improper Resource Access Authorization (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI 
DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=168)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=169)\\n\\n**Line Number:** 1\\n**Column:** 3261\\n**Source Object:** execute\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"227\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.727000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1544a01109756bdb265135b3dbc4efca3a22c8d19fa9b50407c94760f04d5610\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], 
\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.732000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.804Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1080, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "228", - "object_id": 228, - "object_repr": "CGI Stored XSS (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Stored XSS (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=753)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + 
rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 14\\n**Column:** 38\\n**Source Object:** getAttribute\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 10\\n**Source Object:** username\\n**Number:** 14\\n**Code:** String username = (String) session.getAttribute(\\\"username\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 52\\n**Source Object:** username\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n**Line Number:** 29\\n**Column:** 8\\n**Source Object:** println\\n**Number:** 29\\n**Code:** out.println(\\\"User: \\\" + username + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"228\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:32.910000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d6251c8822044d55511b364098e264ca2113391d999c6aefe5c1cca3743e2f2d\"], \"line\": [\"None\", \"29\"], \"file_path\": 
[\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:32.913000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.845Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1081, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "229", - "object_id": 229, - "object_repr": "Blind SQL Injections (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=416)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 
172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"229\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:33.098000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f8234be5bed59174a5f1f4efef0acb152b788f55c1804e2abbc185fe69ceea31\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.101000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, 
- "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.886Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1082, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "230", - "object_id": 230, - "object_repr": "HttpOnlyCookies In Config (web.xml)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies In Config (web.xml)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=64)\\n\\n**Line Number:** 1\\n**Column:** 301\\n**Source Object:** CxXmlConfigClass419518315\\n**Number:** 1\\n**Code:** \\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"230\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 
16:41:33.286000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7d3502f71ea947677c3ae5e39ae8da99c7024c3820a1c546bbdfe3ea4a0fdfc0\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/build/WEB-INF/web.xml\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.306000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.926Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1083, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "231", - "object_id": 231, - "object_repr": "Use of Hard coded Cryptographic Key (AES.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Hard coded Cryptographic Key (AES.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"321\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=779)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=780)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=781)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=782)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=783)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=784)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium 
Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=785)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=786)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=787)\\n\\n**Line Number:** 50\\n**Column:** 43\\n**Source Object:** \\\"\\\"AES/ECB/NoPadding\\\"\\\"\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 42\\n**Source Object:** getInstance\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 19\\n**Source Object:** c2\\n**Number:** 50\\n**Code:** Cipher c2 = Cipher.getInstance(\\\"AES/ECB/NoPadding\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"231\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:33.680000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"779b4fe3dd494b8c323ddb7cb879f60051ac263904a16ac65af5a210cf797c0b\"], \"line\": [\"None\", \"53\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/util/AES.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.683000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:15.967Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1084, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "232", - "object_id": 232, - "object_repr": "Improper Resource Shutdown or Release (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=577)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=578)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=579)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=580)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=581)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=582)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=583)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=584)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=585)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=586)\\n\\n**Line Number:** 13\\n**Column:** 360\\n**Source Object:** conn\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 381\\n**Source Object:** prepareStatement\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 13\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 13\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Score ORDER by scoreid\\\");\\n-----\\n**Line Number:** 14\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"232\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], 
\"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:33.947000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"326fbad527801598a49946804f53bff975023eeb4c7c992932611d45d0b46201\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:33.952000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.008Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1085, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "233", - "object_id": 233, - "object_repr": "CGI Reflected XSS All Clients (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=735)\\n\\n**Line Number:** 
43\\n**Column:** 380\\n**Source Object:** getValue\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 43\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 43\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 141\\n**Column:** 386\\n**Source Object:** basketId\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n**Line Number:** 141\\n**Column:** 363\\n**Source Object:** println\\n**Number:** 141\\n**Code:** out.println(\\\"DEBUG basketid = \\\" + basketId + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"233\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:34.242000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d818b17afca02a70991162f0cf5fbb16d2fef322b72c5c77b4c32bd209b3dc02\"], \"line\": [\"None\", \"141\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.247000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.050Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1086, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "234", - "object_id": 234, - "object_repr": "Stored XSS (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP 
Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=408)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=409)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=410)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=411)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=412)\\n\\n**Category:** PCI DSS v3.1;PCI DSS 
(3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=413)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 14\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 17\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 17\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 19\\n**Column:** 375\\n**Source Object:** rs\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 387\\n**Source Object:** getString\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 19\\n**Code:** out.println(\\\"\\\" + rs.getString(\\\"description\\\") + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"234\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], 
\"last_reviewed\": [\"None\", \"2021-11-03 16:41:34.513000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"926d5bb4d3abbed178afd6c5ffb752e6774908ad90893262c187e71e3197f31d\"], \"line\": [\"None\", \"19\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.521000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.091Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1087, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "235", - "object_id": 235, - "object_repr": "Information Exposure Through an Error Message (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=705)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=706)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=707)\\n\\n**Line Number:** 62\\n**Column:** 371\\n**Source Object:** e\\n**Number:** 62\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 65\\n**Column:** 391\\n**Source Object:** e\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 65\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 65\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"235\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:34.736000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cfa4c706348e59de8b65228daccc21474abf67877a50dec0efa031e947d2e3bd\"], \"line\": [\"None\", \"65\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.740000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.136Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1088, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "236", - "object_id": 236, - "object_repr": "Improper Resource Access Authorization (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=272)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=273)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=274)\\n\\n**Line Number:** 14\\n**Column:** 396\\n**Source Object:** execute\\n**Number:** 14\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'SIMPLE_XSS'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"236\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:34.931000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b493926fdab24fe92c9c28363e72429e66631bd5056f574ddefb983212933d10\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:34.937000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.175Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1089, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "237", - "object_id": 237, - "object_repr": "Improper Resource Access Authorization (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=161)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** 
Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=162)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=163)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=164)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=165)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=166)\\n\\n**Category:** PCI DSS 
v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=167)\\n\\n**Line Number:** 14\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"237\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.131000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"40f3e776293c5c19ac7b521181adfef56ed09288fa417f519d1cc6071cba8a17\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.134000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.216Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1090, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "238", - 
"object_id": 238, - "object_repr": "Improper Resource Shutdown or Release (admin.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=450)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=451)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=452)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=453)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=454)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=455)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=456)\\n\\n**Line Number:** 1\\n**Column:** 669\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1589\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 15\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 15\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Users\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 27\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Baskets\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** conn\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 380\\n**Source Object:** prepareStatement\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 39\\n**Column:** 352\\n**Source Object:** stmt\\n**Number:** 39\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents\\\");\\n-----\\n**Line Number:** 40\\n**Column:** 357\\n**Source Object:** 
stmt\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 40\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 40\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"238\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.361000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"8332e5bd42770868b5db865ca9017c31fcea5a91cff250c4341dc73ed5fdb6e6\"], \"line\": [\"None\", \"40\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.367000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.256Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1091, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "239", - "object_id": 239, - "object_repr": "Information Exposure Through an Error Message (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message 
(search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=729)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=730)\\n\\n**Line Number:** 55\\n**Column:** 377\\n**Source Object:** e\\n**Number:** 55\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 58\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 58\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 58\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"239\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.578000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"641ba17f6201ed5f40524a90c0e0fc03d8a4731528be567b639362cef3f20ef2\"], \"line\": [\"None\", \"58\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.581000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.299Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1092, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "240", - "object_id": 240, - "object_repr": "Blind SQL Injections (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blind SQL Injections (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection 
flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=423)\\n\\n**Line Number:** 7\\n**Column:** 399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 7\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 7\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 383\\n**Source Object:** password1\\n**Number:** 22\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 25\\n**Column:** 362\\n**Source Object:** password1\\n**Number:** 25\\n**Code:** } else if (password1.equals(password2)) {\\n-----\\n**Line Number:** 30\\n**Column:** 450\\n**Source Object:** password1\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"240\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:35.813000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"c3fb1583f06a0ce7bee2084607680b357d63dd8f9cc56d5d09f0601a3c62a336\"], \"line\": [\"None\", \"30\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:35.818000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.346Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1093, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "241", - "object_id": 241, - "object_repr": "Reliance on Cookies in a Decision (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reliance on Cookies in a Decision (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"784\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=32)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=33)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=34)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=35)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=36)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=37)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=38)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=39)\\n\\n**Category:** 
\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=40)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=41)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=42)\\n\\n**Line Number:** 35\\n**Column:** 390\\n**Source Object:** getCookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n**Line Number:** 38\\n**Column:** 375\\n**Source Object:** cookies\\n**Number:** 38\\n**Code:** for (Cookie cookie : cookies) {\\n-----\\n**Line Number:** 39\\n**Column:** 394\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 39\\n**Column:** 359\\n**Source Object:** cookie\\n**Number:** 39\\n**Code:** if (cookie.getName().equals(\\\"b_id\\\") && cookie.getValue().length() > 0) {\\n-----\\n**Line Number:** 40\\n**Column:** 367\\n**Source Object:** cookie\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 
356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 45\\n**Column:** 357\\n**Source Object:** basketId\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n**Line Number:** 45\\n**Column:** 366\\n**Source Object:** !=\\n**Number:** 45\\n**Code:** if (basketId != null) {\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"241\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.014000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"11b43c1ce56100d6a92b74b27d6e6901f3822b44c4b6e8437a7622f71c3a58a9\"], \"line\": [\"None\", \"45\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.019000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.386Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1094, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "242", - "object_id": 242, - "object_repr": "Download of Code Without Integrity Check (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=308)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=309)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"242\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.237000\"], 
\"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7a001d11b5d7d20f5215658fc735a31e530696faddeae3eacf81662d4870e89a\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.247000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.428Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1095, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "243", - "object_id": 243, - "object_repr": "Unsynchronized Access To Shared Data (AdvancedSearch.java)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unsynchronized Access To Shared Data (AdvancedSearch.java)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"567\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=8)\\n\\n**Line Number:** 93\\n**Column:** 24\\n**Source Object:** jsonEmpty\\n**Number:** 93\\n**Code:** return this.jsonEmpty;\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"243\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", 
\"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.465000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dc13f474e6f512cb31374bfa4658ce7a866d6b832d40742e784ef14f6513ab87\"], \"line\": [\"None\", \"93\"], \"file_path\": [\"None\", \"/src/com/thebodgeitstore/search/AdvancedSearch.java\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.471000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.470Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1096, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "244", - "object_id": 244, - "object_repr": "Empty Password In Connection String (search.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (search.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=110)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=111)\\n\\n**Line Number:** 1\\n**Column:** 785\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"org.apache.commons.lang3.StringEscapeUtils\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"244\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.747000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"63f306f6577c64ad2d38ddd3985cc649b11dd360f7a962e98cb63686c89b2b95\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/search.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:36.756000\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.512Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1097, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "245", - "object_id": 245, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=461)\\n\\n**Line Number:** 1\\n**Column:** 670\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1590\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 12\\n**Column:** 368\\n**Source Object:** conn\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 388\\n**Source Object:** createStatement\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 12\\n**Column:** 361\\n**Source Object:** stmt\\n**Number:** 12\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 15\\n**Column:** 357\\n**Source Object:** stmt\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND 
password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 383\\n**Source Object:** getInt\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 21\\n**Column:** 360\\n**Source Object:** userid\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 23\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 23\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n**Line Number:** 37\\n**Column:** 396\\n**Source Object:** getAttribute\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 358\\n**Source Object:** userid\\n**Number:** 37\\n**Code:** String userid = (String) session.getAttribute(\\\"userid\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 420\\n**Source Object:** userid\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 376\\n**Source Object:** executeQuery\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 110\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 110\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Baskets WHERE (userid = \\\" + userid + \\\")\\\");\\n-----\\n**Line Number:** 
111\\n**Column:** 354\\n**Source Object:** rs\\n**Number:** 111\\n**Code:** rs.next();\\n-----\\n**Line Number:** 112\\n**Column:** 370\\n**Source Object:** rs\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 379\\n**Source Object:** getInt\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 112\\n**Column:** 354\\n**Source Object:** basketId\\n**Number:** 112\\n**Code:** basketId = \\\"\\\" + rs.getInt(\\\"basketid\\\");\\n-----\\n**Line Number:** 240\\n**Column:** 440\\n**Source Object:** basketId\\n**Number:** 240\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM BasketContents, Products where basketid=\\\" + basketId +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"245\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:36.998000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.002000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, 
- "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.552Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1098, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "246", - "object_id": 246, - "object_repr": "Improper Resource Access Authorization (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=260)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=261)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=262)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=263)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=264)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=265)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=266)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=267)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=268)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=269)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=270)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=271)\\n\\n**Line Number:** 14\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 14\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"246\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:37.224000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5b24a32f74c75879a1adc65bf89b03bb64f81565dbd6a2240149f2ce1bd27d40\"], \"line\": [\"None\", \"14\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.232000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.597Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1099, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "247", - "object_id": 247, - "object_repr": "Session Fixation (logout.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Session Fixation (logout.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"384\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=49)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=50)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=51)\\n\\n**Line Number:** 3\\n**Column:** 370\\n**Source Object:** setAttribute\\n**Number:** 3\\n**Code:** session.setAttribute(\\\"username\\\", null);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"247\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": 
[\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:37.433000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"08569015fcc466a18ab405324d0dfe6af4b141110e47b73226ea117ecd44ff10\"], \"line\": [\"None\", \"3\"], \"file_path\": [\"None\", \"/root/logout.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.438000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.643Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1100, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "248", - "object_id": 248, - "object_repr": "Hardcoded password in Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=802)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"248\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:37.656000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"fd480c121d5e26af3fb8c7ec89137aab25d86e44ff154f5aae742384cf80a2dd\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.660000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.685Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1101, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "249", - "object_id": 249, - "object_repr": "Hardcoded password in Connection String (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Hardcoded password in Connection String (advanced.jsp)\"], \"date\": 
[\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"547\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=790)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.3 - Insecure cryptographic storage,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=791)\\n\\n**Line Number:** 1\\n**Column:** 890\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n**Line Number:** 1\\n**Column:** 860\\n**Source Object:** getConnection\\n**Number:** 1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"249\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:37.871000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b755a0cc07b69b72eb284df102459af7c502318c53c769999ec925d0da354d44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:37.876000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.715Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1102, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "250", - "object_id": 250, - "object_repr": "Improper Resource Access Authorization (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=170)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=171)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=172)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=173)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=174)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=175)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=176)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=177)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=178)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=179)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=180)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=181)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=182)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=183)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=184)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=185)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=186)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=187)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=188)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=189)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=190)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=191)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=192)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=193)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=194)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=195)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=196)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=197)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=198)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=199)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=200)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=201)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=202)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=203)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=204)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=205)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=206)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=207)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=208)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=209)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=210)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=211)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=212)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=213)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=214)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=215)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=216)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=217)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=218)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=219)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=220)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=221)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=222)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=223)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=224)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=225)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=226)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=227)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=228)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=229)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 
2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=230)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=231)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=232)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=233)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=234)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=235)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=236)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=237)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=238)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 
15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"250\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.090000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"70d68584520c7bc1b47ca45fc75b42460659a52957a10fe2a99858c32b329ae1\"], \"line\": [\"None\", \"15\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.093000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.751Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1103, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "251", - "object_id": 251, - "object_repr": "Improper Resource Access Authorization (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": 
[\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=120)\\n\\n**Line Number:** 91\\n**Column:** 14\\n**Source Object:** executeQuery\\n**Number:** 91\\n**Code:** rs = stmt.executeQuery();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"251\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.295000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"920ba1bf2ab979534eda06dd720ba0baa9cff2b1c14fd1ad56e89a5d656ed2f9\"], \"line\": [\"None\", \"91\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.298000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.786Z", - "additional_data": null - } -}, -{ - 
"model": "auditlog.logentry", - "pk": 1104, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "252", - "object_id": 252, - "object_repr": "Empty Password In Connection String (score.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (score.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=108)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=109)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"252\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], 
\"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.446000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6bea74fa6a2e15eb4e272fd8033b63984cb1cfefd52189c7031b58d7bd325f44\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/score.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.449000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.826Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1105, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "253", - "object_id": 253, - "object_repr": "Improper Resource Shutdown or Release (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=513)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=514)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=515)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=516)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=517)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=518)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=519)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=520)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=521)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=522)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=523)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=524)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=525)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=526)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=527)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=528)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=529)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=530)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=531)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=532)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=533)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=534)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=535)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=536)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=537)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=538)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=539)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=540)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=541)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=542)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=543)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=544)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=545)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=546)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=547)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=548)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=549)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=550)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=551)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=552)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=553)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=554)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=555)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=556)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=557)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=558)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=559)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=560)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=561)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=562)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=563)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=564)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=565)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=566)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=567)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=568)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=569)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=570)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=571)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=572)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=573)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=574)\\n\\n**Line Number:** 21\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 21\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 21\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"253\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.602000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"97e071423b295531965759c3641effa4a92e8e67f5ae40a3248a0a296aada52d\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.606000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.867Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 
1106, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "254", - "object_id": 254, - "object_repr": "Improper Resource Shutdown or Release (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=575)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=576)\\n\\n**Line Number:** 1\\n**Column:** 691\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1611\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 97\\n**Column:** 353\\n**Source Object:** conn\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 373\\n**Source Object:** createStatement\\n**Number:** 97\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n**Line Number:** 97\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 97\\n**Code:** 
conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_DEBUG'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"254\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.809000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"810541dc4d59d52088c1c29bfbb5ed70b10bfa657980a3099b26ff8799955f28\"], \"line\": [\"None\", \"97\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.813000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.910Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1107, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "255", - "object_id": 255, - "object_repr": "Empty Password In Connection String (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], 
\"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=100)\\n\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"255\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:38.991000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"eba9a993ff2b55ebdda24cb3c0fbc777bd7bcf038a01463f56b2f472f5a95296\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:38.994000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.949Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1108, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "256", - "object_id": 256, - "object_repr": 
"Information Exposure Through an Error Message (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=718)\\n\\n**Line Number:** 60\\n**Column:** 370\\n**Source Object:** e\\n**Number:** 60\\n**Code:** } catch (Exception e) {\\n-----\\n**Line Number:** 63\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 63\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 63\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"256\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.186000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"af0420cc3c001e6a1c65aceb86644080bcdb3f08b6be7cfc96a3bb3e20685afb\"], \"line\": [\"None\", \"63\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.192000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:16.991Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1109, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "257", - "object_id": 257, - "object_repr": "Use of Insufficiently Random Values (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=22)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"257\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.385000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"78ceea05b00023deec3b210877d332bf03d07b237e8339f508a18c62b1146f88\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.388000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.032Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1110, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "258", - "object_id": 258, - "object_repr": "Stored XSS (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=386)\\n\\n**Line Number:** 15\\n**Column:** 374\\n**Source Object:** executeQuery\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 352\\n**Source Object:** rs\\n**Number:** 15\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password + \\\"')\\\");\\n-----\\n**Line Number:** 16\\n**Column:** 356\\n**Source Object:** rs\\n**Number:** 16\\n**Code:** if (rs.next()) {\\n-----\\n**Line Number:** 21\\n**Column:** 374\\n**Source Object:** rs\\n**Number:** 21\\n**Code:** String userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 386\\n**Source Object:** rs\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 22\\n**Column:** 398\\n**Source Object:** getString\\n**Number:** 22\\n**Code:** session.setAttribute(\\\"username\\\", rs.getString(\\\"name\\\"));\\n-----\\n**Line Number:** 89\\n**Column:** 401\\n**Source Object:** getAttribute\\n**Number:** 89\\n**Code:** \\\" value=\\\"\\\"/>\\n-----\\n\"], \"mitigation\": [\"None\", 
\"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"258\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.588000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9384efff38eaa33266a2f5888dea18392a0e8b658b770fcfed268f06d3a1052d\"], \"line\": [\"None\", \"89\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.593000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.070Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1111, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "259", - "object_id": 259, - "object_repr": "HttpOnlyCookies (login.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"HttpOnlyCookies (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"10706\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=59)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=60)\\n\\n**Line Number:** 35\\n**Column:** 362\\n**Source Object:** cookies\\n**Number:** 35\\n**Code:** Cookie[] cookies = request.getCookies();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"259\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:39.966000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"93595b491f79115f85df3ef403cfc4ecd34e22dedf95aa24fbc18f56039d26f3\"], \"line\": [\"None\", \"35\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:39.970000\"], \"status_finding\": 
[\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.114Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1112, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "260", - "object_id": 260, - "object_repr": "Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Sensitive Cookie in HTTPS Session Without Secure Attribute (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"614\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=447)\\n\\n**Line Number:** 61\\n**Column:** 373\\n**Source Object:** Cookie\\n**Number:** 61\\n**Code:** response.addCookie(new Cookie(\\\"b_id\\\", \\\"\\\"));\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"260\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", 
\"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.147000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ebfe755d6f8f91724d9d8a0672c12dce0200f818bce80b7fcaab30987b124a99\"], \"line\": [\"None\", \"61\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.152000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.155Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1113, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "261", - "object_id": 261, - "object_repr": "Information Exposure Through an Error Message (header.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (header.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=702)\\n\\n**Line Number:** 96\\n**Column:** 18\\n**Source Object:** e\\n**Number:** 96\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 99\\n**Column:** 28\\n**Source Object:** e\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 99\\n**Column:** 9\\n**Source Object:** println\\n**Number:** 99\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"261\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.354000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"584b05859f76b43b2736a28ac1c8ac88497704d0f31868218fcda9077396a215\"], \"line\": [\"None\", \"99\"], \"file_path\": [\"None\", \"/root/header.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.358000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.194Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1114, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "262", - "object_id": 262, - "object_repr": "Race Condition Format Flaw (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Race Condition Format Flaw (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"362\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** 
Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=79)\\n\\n**Line Number:** 51\\n**Column:** 400\\n**Source Object:** format\\n**Number:** 51\\n**Code:** \\\"\\\" + nf.format(price) + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"262\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.562000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b1306a4177b37bad4dbe763419df19ec56d7442262be5dfeff6d346b3b900ad1\"], \"line\": [\"None\", \"51\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.567000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.236Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1115, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "263", - "object_id": 263, - "object_repr": "Stored XSS (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Stored XSS (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=387)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=388)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=389)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=390)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - 
Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=391)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=392)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=393)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=394)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=395)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=396)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=397)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=398)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=399)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java 
High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=400)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=401)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=402)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=403)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=404)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting 
(XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=405)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=406)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Python\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=407)\\n\\n**Line Number:** 42\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 42\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 42\\n**Code:** rs = stmt.executeQuery();\\n-----\\n**Line Number:** 45\\n**Column:** 360\\n**Source Object:** rs\\n**Number:** 45\\n**Code:** while (rs.next()) {\\n-----\\n**Line Number:** 47\\n**Column:** 371\\n**Source Object:** rs\\n**Number:** 47\\n**Code:** String product = rs.getString(\\\"product\\\");\\n-----\\n**Line Number:** 48\\n**Column:** 373\\n**Source Object:** rs\\n**Number:** 48\\n**Code:** BigDecimal price = rs.getBigDecimal(\\\"price\\\");\\n-----\\n**Line Number:** 50\\n**Column:** 379\\n**Source Object:** rs\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 50\\n**Column:** 391\\n**Source 
Object:** getString\\n**Number:** 50\\n**Code:** product + \\\"\\\" + rs.getString(\\\"type\\\")+\\n-----\\n**Line Number:** 49\\n**Column:** 365\\n**Source Object:** println\\n**Number:** 49\\n**Code:** out.println(\\\"\\\" +\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"263\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:40.776000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"59304c367c39a7f0983c4ef2f90a13207866a37422ff5cc03db07d0efe46aed2\"], \"line\": [\"None\", \"49\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:40.782000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.275Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1116, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "264", - "object_id": 264, - "object_repr": "Improper Resource Shutdown or Release (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown 
or Release (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=462)\\n\\n**Line Number:** 1\\n**Column:** 673\\n**Source Object:** conn\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 1\\n**Column:** 1593\\n**Source Object:** jspInit\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n**Line Number:** 26\\n**Column:** 369\\n**Source Object:** conn\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 389\\n**Source Object:** createStatement\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 26\\n**Column:** 362\\n**Source Object:** stmt\\n**Number:** 26\\n**Code:** Statement stmt = conn.createStatement();\\n-----\\n**Line Number:** 29\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 358\\n**Source Object:** stmt\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 375\\n**Source Object:** executeQuery\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 30\\n**Column:** 353\\n**Source Object:** 
rs\\n**Number:** 30\\n**Code:** rs = stmt.executeQuery(\\\"SELECT * FROM Users WHERE (name = '\\\" + username + \\\"' AND password = '\\\" + password1 + \\\"')\\\");\\n-----\\n**Line Number:** 31\\n**Column:** 353\\n**Source Object:** rs\\n**Number:** 31\\n**Code:** rs.next();\\n-----\\n**Line Number:** 32\\n**Column:** 368\\n**Source Object:** rs\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 377\\n**Source Object:** getInt\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 32\\n**Column:** 353\\n**Source Object:** userid\\n**Number:** 32\\n**Code:** userid = \\\"\\\" + rs.getInt(\\\"userid\\\");\\n-----\\n**Line Number:** 36\\n**Column:** 384\\n**Source Object:** userid\\n**Number:** 36\\n**Code:** session.setAttribute(\\\"userid\\\", userid);\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"264\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.002000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"db7a77c20f51041b98ba80af21a73ef2db784e82fd0af050fefb552826be04b1\"], \"line\": [\"None\", \"274\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", 
\"2021-11-03 16:41:41.006000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.316Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1117, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "265", - "object_id": 265, - "object_repr": "Heap Inspection (init.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Heap Inspection (init.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"244\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=118)\\n\\n**Category:** OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=119)\\n\\n**Line Number:** 1\\n**Column:** 563\\n**Source Object:** passwordSize\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"265\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": 
[\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.203000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"28820e0352bb80a1d3c1085204cfeb522ddd29ee680ae46350260bf63359646f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/init.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.210000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.357Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1118, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "266", - "object_id": 266, - "object_repr": "CGI Reflected XSS All Clients (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"CGI Reflected XSS All Clients (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=734)\\n\\n**Line 
Number:** 11\\n**Column:** 398\\n**Source Object:** \\\"\\\"comments\\\"\\\"\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 397\\n**Source Object:** getParameter\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 11\\n**Column:** 357\\n**Source Object:** comments\\n**Number:** 11\\n**Code:** String comments = (String) request.getParameter(\\\"comments\\\");\\n-----\\n**Line Number:** 19\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 19\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 20\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 20\\n**Code:** comments = comments.replace(\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 363\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 379\\n**Source Object:** replace\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 22\\n**Column:** 352\\n**Source Object:** comments\\n**Number:** 22\\n**Code:** comments = comments.replace(\\\"\\\\\\\"\\\", \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 378\\n**Source Object:** comments\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n**Line Number:** 37\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 37\\n**Code:** out.println(\\\"\\\" + comments + \\\"\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"266\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": 
[\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.419000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ee16024c2d5962d243c878bf4f638147a8f879f05d969855c13d083aafab9fa8\"], \"line\": [\"None\", \"37\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.423000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.396Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1119, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "267", - "object_id": 267, - "object_repr": "Empty Password In Connection String (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Empty Password In Connection String (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"259\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding 
Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=92)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.10 - Broken authentication and session management,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=93)\\n\\n**Line Number:** 1\\n**Column:** 734\\n**Source Object:** \\\"\\\"\\\"\\\"\\n**Number:** 1\\n**Code:** <%@ page import=\\\"java.sql.*\\\" %>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"267\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.637000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ce6c5523b17b77be323a526e757f04235f6d8a3023ac5208b12b7c34de4fcbb6\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.643000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - 
"actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.435Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1120, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "268", - "object_id": 268, - "object_repr": "Information Exposure Through an Error Message (product.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Information Exposure Through an Error Message (product.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"209\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=719)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=720)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=721)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=722)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.5 - Improper error handling,OWASP Top 10 2013;A5-Security Misconfiguration\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=723)\\n\\n**Line Number:** 95\\n**Column:** 373\\n**Source Object:** e\\n**Number:** 95\\n**Code:** } catch (SQLException e) {\\n-----\\n**Line Number:** 98\\n**Column:** 390\\n**Source Object:** e\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n**Line Number:** 98\\n**Column:** 364\\n**Source Object:** println\\n**Number:** 98\\n**Code:** out.println(\\\"DEBUG System error: \\\" + e + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"268\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.811000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"85b4b54f401f88fb286b6442b56fecb5922a025504207d94f5835e4b9e4c3d49\"], \"line\": [\"None\", \"98\"], \"file_path\": [\"None\", \"/root/product.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.814000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.478Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1121, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "269", - "object_id": 269, - "object_repr": "XSRF (password.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"XSRF (password.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"352\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 
10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=821)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=822)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=823)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=824)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=825)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=826)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=827)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=828)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=829)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery 
(CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=830)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=831)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=832)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=833)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.9 - Cross-site request forgery,OWASP Top 10 2013;A8-Cross-Site Request Forgery (CSRF)\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=834)\\n\\n**Line Number:** 10\\n**Column:** 
399\\n**Source Object:** \\\"\\\"password1\\\"\\\"\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 398\\n**Source Object:** getParameter\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 10\\n**Column:** 357\\n**Source Object:** password1\\n**Number:** 10\\n**Code:** String password1 = (String) request.getParameter(\\\"password1\\\");\\n-----\\n**Line Number:** 15\\n**Column:** 375\\n**Source Object:** password1\\n**Number:** 15\\n**Code:** if (password1 != null && password1.length() > 0) {\\n-----\\n**Line Number:** 16\\n**Column:** 358\\n**Source Object:** password1\\n**Number:** 16\\n**Code:** if ( ! password1.equals(password2)) {\\n-----\\n**Line Number:** 18\\n**Column:** 384\\n**Source Object:** password1\\n**Number:** 18\\n**Code:** } else if (password1 == null || password1.length() < 5) {\\n-----\\n**Line Number:** 24\\n**Column:** 404\\n**Source Object:** password1\\n**Number:** 24\\n**Code:** stmt.executeQuery(\\\"UPDATE Users set password= '\\\" + password1 + \\\"' where name = '\\\" + username + \\\"'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"269\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:41.972000\"], 
\"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"371010ba334ccc433d73bf0c9cdaec557d5f7ec338c6f925d8a71763a228d473\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/password.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:41.975000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.522Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1122, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "270", - "object_id": 270, - "object_repr": "Download of Code Without Integrity Check (advanced.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (advanced.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=286)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=287)\\n\\n**Line Number:** 1\\n**Column:** 778\\n**Source Object:** forName\\n**Number:** 
1\\n**Code:** <%@page import=\\\"com.thebodgeitstore.search.AdvancedSearch\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"270\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.150000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ea8b569d6c5fe9dba625c6540acd9880534f7a19a5bf4b84fb838ad65d08d26f\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/advanced.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.152000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.562Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1123, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "271", - "object_id": 271, - "object_repr": "Improper Resource Access Authorization (register.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (register.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": 
[\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=257)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=258)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=259)\\n\\n**Line Number:** 29\\n**Column:** 370\\n**Source Object:** executeQuery\\n**Number:** 29\\n**Code:** stmt.executeQuery(\\\"INSERT INTO Users (name, type, password) VALUES ('\\\" + username + \\\"', 'USER', '\\\" + password1 + \\\"')\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"271\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.303000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0e517ef410747c79f882b9fc73a04a92ef6b4792017378ae5c4a39e21a921c5\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/register.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.308000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.607Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1124, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "272", - "object_id": 272, - "object_repr": "Download of Code Without Integrity Check (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Download of Code Without Integrity Check (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"494\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=288)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control\\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=289)\\n\\n**Line Number:** 1\\n**Column:** 680\\n**Source Object:** forName\\n**Number:** 1\\n**Code:** <%@page import=\\\"java.net.URL\\\"%>\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"272\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.477000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"f6025b614c1d26ee95556ebcb50473f42a57f04d7653abfd132e98baff1b433e\"], \"line\": [\"None\", \"1\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.480000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.650Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1125, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "273", - "object_id": 273, - "object_repr": "Improper Resource Access Authorization (admin.jsp)", - "serialized_data": null, - "action": 0, - 
"changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Access Authorization (admin.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"285\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=121)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=122)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=123)\\n\\n**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.8 - Improper access control,OWASP Top 10 2013;A2-Broken Authentication and Session Management\\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=124)\\n\\n**Line Number:** 12\\n**Column:** 383\\n**Source Object:** execute\\n**Number:** 12\\n**Code:** conn.createStatement().execute(\\\"UPDATE Score SET status = 1 WHERE task = 'HIDDEN_ADMIN'\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"273\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.636000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5852c73c2309bcf533c51c4b6c8221b0519229d4010090067bd6ea629971c099\"], \"line\": [\"None\", \"12\"], \"file_path\": [\"None\", \"/root/admin.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:42.640000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.691Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1126, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "274", - "object_id": 274, - "object_repr": "Use of Cryptographically Weak PRNG (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": 
"{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Cryptographically Weak PRNG (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"338\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.4 - Insecure communications,OWASP Top 10 2013;A6-Sensitive Data Exposure\\n**Language:** Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=14)\\n\\n**Line Number:** 54\\n**Column:** 377\\n**Source Object:** random\\n**Number:** 54\\n**Code:** anticsrf = \\\"\\\" + Math.random();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"274\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.816000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"39052e0796f538556f2cc6c00b63fbed65ab036a874c9ed0672e6825d68602a2\"], \"line\": [\"None\", \"54\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": 
[\"None\", \"2021-11-03 16:41:42.819000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.730Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1127, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "275", - "object_id": 275, - "object_repr": "Improper Resource Shutdown or Release (contact.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Improper Resource Shutdown or Release (contact.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"404\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=463)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=464)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=465)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=466)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=467)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=468)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=469)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=470)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=471)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=472)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=473)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=474)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=475)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=476)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=477)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=478)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=479)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=480)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=481)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=482)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=483)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=484)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=485)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=486)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=487)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=488)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=489)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=490)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=491)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=492)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=493)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=494)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=495)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=496)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=497)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=498)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=499)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=500)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=501)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** 
[https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=502)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=503)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=504)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=505)\\n\\n**Category:** \\n**Language:** Java\\n**Group:** Java Low Visibility\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=506)\\n\\n**Line Number:** 24\\n**Column:** 377\\n**Source Object:** conn\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 398\\n**Source Object:** prepareStatement\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments (name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 24\\n**Column:** 370\\n**Source Object:** stmt\\n**Number:** 24\\n**Code:** PreparedStatement stmt = conn.prepareStatement(\\\"INSERT INTO Comments 
(name, comment) VALUES (?, ?)\\\");\\n-----\\n**Line Number:** 27\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 27\\n**Code:** stmt.setString(1, username);\\n-----\\n**Line Number:** 28\\n**Column:** 353\\n**Source Object:** stmt\\n**Number:** 28\\n**Code:** stmt.setString(2, comments);\\n-----\\n**Line Number:** 29\\n**Column:** 365\\n**Source Object:** execute\\n**Number:** 29\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"275\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:42.999000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"82b6e67fea88a46706b742dee6eb877a58f0ef800b00de81d044714ae2d83f6b\"], \"line\": [\"None\", \"29\"], \"file_path\": [\"None\", \"/root/contact.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.002000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.770Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1128, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "276", - "object_id": 276, - "object_repr": "Reflected XSS All Clients (login.jsp)", - "serialized_data": null, - 
"action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Reflected XSS All Clients (login.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"79\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS)\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=333)\\n\\n**Line Number:** 40\\n**Column:** 382\\n**Source Object:** getValue\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 40\\n**Column:** 356\\n**Source Object:** basketId\\n**Number:** 40\\n**Code:** basketId = cookie.getValue();\\n-----\\n**Line Number:** 46\\n**Column:** 380\\n**Source Object:** basketId\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 46\\n**Column:** 354\\n**Source Object:** debug\\n**Number:** 46\\n**Code:** debug += \\\" basketid = \\\" + basketId;\\n-----\\n**Line Number:** 78\\n**Column:** 375\\n**Source Object:** debug\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n**Line Number:** 78\\n**Column:** 362\\n**Source Object:** println\\n**Number:** 78\\n**Code:** out.println(\\\"DEBUG: \\\" + debug + \\\"

\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"276\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:43.197000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"52d4696d8c8726e0689f91c534c78682a24d80d83406ac7c6d7c4f2952d7c25e\"], \"line\": [\"None\", \"78\"], \"file_path\": [\"None\", \"/root/login.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.202000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.812Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1129, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "277", - "object_id": 277, - "object_repr": "Use of Insufficiently Random Values (home.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of Insufficiently Random Values (home.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"330\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"**Category:** \\n**Language:** 
Java\\n**Group:** Java Medium Threat\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=23)\\n\\n**Line Number:** 24\\n**Column:** 469\\n**Source Object:** random\\n**Number:** 24\\n**Code:** stmt = conn.prepareStatement(\\\"SELECT * FROM Products, ProductTypes WHERE Products.productid = \\\" + ((int)(Math.random() * count) + 1) + \\\" AND Products.typeid = ProductTypes.typeid\\\");\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"277\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:43.364000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"67622d1c580dd13b751a2f6684e3b1e764c0b2059520e9b6683c5b8a6560262a\"], \"line\": [\"None\", \"24\"], \"file_path\": [\"None\", \"/root/home.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.369000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.852Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1130, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - 
"object_pk": "278", - "object_id": 278, - "object_repr": "SQL Injection (basket.jsp)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL Injection (basket.jsp)\"], \"date\": [\"None\", \"2019-11-17\"], \"cwe\": [\"None\", \"89\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"**Category:** PCI DSS v3.1;PCI DSS (3.1) - 6.5.1 - Injection flaws - particularly SQL injection,OWASP Top 10 2013;A1-Injection\\n**Language:** Java\\n**Group:** Java High Risk\\n**Status:** New\\n**Finding Link:** [https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339](https://code.checkmarx.io/CxWebClient/ViewerMain.aspx?scanid=1000074&projectid=44&pathid=339)\\n\\n**Line Number:** 148\\n**Column:** 391\\n**Source Object:** \\\"\\\"productid\\\"\\\"\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 390\\n**Source Object:** getParameter\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 148\\n**Column:** 358\\n**Source Object:** productId\\n**Number:** 148\\n**Code:** String productId = request.getParameter(\\\"productid\\\");\\n-----\\n**Line Number:** 172\\n**Column:** 410\\n**Source Object:** productId\\n**Number:** 172\\n**Code:** \\\" WHERE basketid=\\\" + basketId + \\\" AND productid = \\\" + productId);\\n-----\\n**Line Number:** 171\\n**Column:** 382\\n**Source Object:** prepareStatement\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 171\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 171\\n**Code:** stmt = conn.prepareStatement(\\\"UPDATE BasketContents SET quantity = \\\" + 
Integer.parseInt(quantity) +\\n-----\\n**Line Number:** 173\\n**Column:** 354\\n**Source Object:** stmt\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n**Line Number:** 173\\n**Column:** 366\\n**Source Object:** execute\\n**Number:** 173\\n**Code:** stmt.execute();\\n-----\\n\"], \"mitigation\": [\"None\", \"N/A\"], \"impact\": [\"None\", \"N/A\"], \"id\": [\"None\", \"278\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Checkmarx Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-03 16:41:43.552000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a580f877f77e73dc81f13869c40402119ff4a964e2cc48fe4dcca3fb0a5e19a9\"], \"line\": [\"None\", \"173\"], \"file_path\": [\"None\", \"/root/basket.jsp\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 16:41:43.555000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.893Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1131, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "279", - "object_id": 279, - "object_repr": "test", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"test\"], \"date\": 
[\"None\", \"2021-11-03\"], \"url\": [\"None\", \"No url given\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"asdf\"], \"mitigation\": [\"None\", \"adf\"], \"impact\": [\"None\", \"asdf\"], \"steps_to_reproduce\": [\"None\", \"\"], \"severity_justification\": [\"None\", \"\"], \"id\": [\"None\", \"279\"], \"references\": [\"None\", \"No references given\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Pen Test\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"hash_code\": [\"None\", \"df2a6f6aba05f414f30448d0594c327f3f9e7f075bff0008820e10d95b4ff3d5\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-03 17:14:15.434000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.933Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1132, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "280", - "object_id": 280, - "object_repr": "notepad++.exe | CVE-2007-2666", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"notepad++.exe | CVE-2007-2666\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"1035\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-119 Improper Restriction of Operations within the Bounds of a 
Memory Buffer\\n\\nStack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla 1.73, as used by notepad++ 4.1.1 and earlier, allows user-assisted remote attackers to execute arbitrary code via certain Ruby (.rb) files with long lines. NOTE: this was originally reported as a vulnerability in notepad++.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"280\"], \"references\": [\"None\", \"name: 23961\\nsource: BID\\nurl: http://www.securityfocus.com/bid/23961\\n\\nname: 20070513 notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/468529/100/0/threaded\\n\\nname: 20070523 Re: notepad++[v4.1]: (win32) ruby file processing buffer overflow exploit.\\nsource: BUGTRAQ\\nurl: http://www.securityfocus.com/archive/1/archive/1/469348/100/100/threaded\\n\\nname: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\nsource: CONFIRM\\nurl: http://scintilla.cvs.sourceforge.net/scintilla/scintilla/src/LexRuby.cxx?view=log#rev1.13\\n\\nname: 3912\\nsource: MILW0RM\\nurl: http://www.milw0rm.com/exploits/3912\\n\\nname: ADV-2007-1794\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1794\\n\\nname: ADV-2007-1867\\nsource: VUPEN\\nurl: http://www.vupen.com/english/advisories/2007/1867\\n\\nname: notepadplus-rb-bo(34269)\\nsource: XF\\nurl: http://xforce.iss.net/xforce/xfdb/34269\\n\\nname: scintilla-rb-bo(34372)\\nsource: XF\\nurl: http://xforce.iss.net/xforce/xfdb/34372\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", 
\"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:22:26.290000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1dfa2d2c7161cea9a710a5cbe3e1bc7f0116625104edbe31d5de6260c82cf87a\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:22:26.294000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:17.973Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1133, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "281", - "object_id": 281, - "object_repr": "notepad++.exe | CVE-2008-3436", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"notepad++.exe | CVE-2008-3436\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"1035\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"CWE-94 Improper Control of Generation of Code ('Code Injection')\\n\\nThe GUP generic update process in Notepad++ before 4.8.1 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"281\"], \"references\": [\"None\", \"name: 20080728 Tool release: [evilgrade] - Using DNS cache poisoning to exploit poor update implementations\\nsource: FULLDISC\\nurl: http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html\\n\\nname: 
http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\nsource: MISC\\nurl: http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Dependency Check Scan\"], \"active\": [\"None\", \"False\"], \"verified\": [\"None\", \"False\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:22:26.568000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b080d22cc9797327aeebd0e6437057cf1ef61dd128fbe7059388b279c45915bb\"], \"file_path\": [\"None\", \"notepad++.exe\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:22:26.571000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.014Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1134, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "282", - "object_id": 282, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment 
includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\ViewAccountInfo.aspx.cs\\nLine: 22\\nCodeLine: ContactName is being repurposed as the foreign key to the user table. Kludgey, I know.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"282\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:56.911000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:56.915000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.055Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1135, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "283", - "object_id": 283, - "object_repr": ".NET Debugging Enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], 
\"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Web.config\\nLine: 25\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"283\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.105000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.107000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.094Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1136, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "284", - "object_id": 284, - "object_repr": "URL Request Gets Path from Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", 
\"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 72\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"284\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.285000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.288000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.135Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1137, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "285", - "object_id": 285, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", 
\"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\StealCookies.aspx.cs\\nLine: 19\\nCodeLine: TODO: Mail the cookie in real time.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"285\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.483000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.485000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.175Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1138, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "286", - "object_id": 286, - "object_repr": "Comment Indicates 
Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\CustomerRepository.cs\\nLine: 41\\nCodeLine: TODO: Add try/catch logic\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"286\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.662000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.665000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.215Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1139, - "fields": { - "content_type": [ - 
"dojo", - "test_import" - ], - "object_pk": "287", - "object_id": 287, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\ShipperRepository.cs\\nLine: 37\\nCodeLine: / TODO: Use the check digit algorithms to make it realistic.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"287\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:57.857000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:57.860000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-09T17:47:18.253Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1140, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "288", - "object_id": 288, - "object_repr": ".NET Debugging Enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \".NET Debugging Enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Severity: Medium\\nDescription: The application is configured to return .NET debug information. This can provide an attacker with useful information and should not be used in a live application.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\XtremelyEvilWebApp\\\\Web.config\\nLine: 6\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"288\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.047000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6190df674dd45e3b28b65c30bfd11b02ef3331eaffecac12a6ee3db03c1de36a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.050000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - 
"remote_addr": null, - "timestamp": "2025-01-09T17:47:18.291Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1141, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "289", - "object_id": 289, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 58\\nCodeLine: TODO: Put this in try/catch as well\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"289\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.246000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 
14:23:58.249000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.330Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1142, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "290", - "object_id": 290, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 145\\nCodeLine: TODO: Uncommenting this line causes EF to throw exception when creating the order.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"290\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.452000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", 
\"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.455000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.375Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1143, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "291", - "object_id": 291, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Order.cs\\nLine: 27\\nCodeLine: TODO: Shipments and Payments should be singular. 
Like customer.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"291\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.643000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.645000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.414Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1144, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "292", - "object_id": 292, - "object_repr": "URL Request Gets Path from Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. 
Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Account\\\\Register.aspx.cs\\nLine: 35\\nCodeLine: Response.Redirect(continueUrl);\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"292\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:58.836000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:58.838000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.452Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1145, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "293", - "object_id": 293, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], 
\"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogResponseRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"293\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.005000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.007000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.498Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1146, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "294", - "object_id": 294, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially 
Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Infrastructure\\\\BlogEntryRepository.cs\\nLine: 18\\nCodeLine: TODO: should put this in a try/catch\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"294\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.201000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.205000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.538Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1147, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "295", - "object_id": 295, - "object_repr": "URL Request Gets Path from Variable", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"URL Request Gets Path from Variable\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Severity: Standard\\nDescription: The URL used in the HTTP request appears to be loaded from a variable. Check the code manually to ensure that malicious URLs cannot be submitted by an attacker.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\PackageTracking.aspx.cs\\nLine: 25\\nCodeLine: Response.Redirect(Order.GetPackageTrackingUrl(_carrier, _trackingNumber));\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"295\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.422000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"dfd30d76898319d2181e4464cd74c71ddaca8afe0008b9c94fac41f5420ed62c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.425000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.575Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1148, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "296", - "object_id": 296, - "object_repr": "Comment 
Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 16\\nCodeLine: TODO: Refactor this. Use LINQ with aggregation to get SUM.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"296\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.586000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.588000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.620Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1149, - "fields": { - 
"content_type": [ - "dojo", - "test_import" - ], - "object_pk": "297", - "object_id": 297, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\Core\\\\Cart.cs\\nLine: 41\\nCodeLine: TODO: Add ability to delete an orderDetail and to change quantities.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"297\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.765000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:23:59.768000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-09T17:47:18.664Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1150, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "298", - "object_id": 298, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Product.aspx.cs\\nLine: 59\\nCodeLine: TODO: Feels like this is too much business logic. Should be moved to OrderDetail constructor?\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"298\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:23:59.942000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": 
[\"None\", \"2021-11-04 14:23:59.945000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.704Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1151, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "299", - "object_id": 299, - "object_repr": "Comment Indicates Potentially Unfinished Code", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Comment Indicates Potentially Unfinished Code\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"Severity: Suspicious Comment\\nDescription: The comment includes some wording which indicates that the developer regards it as unfinished or does not trust it to work correctly.\\nFileName: C:\\\\Projects\\\\WebGoat.Net\\\\WebSite\\\\Checkout\\\\Checkout.aspx.cs\\nLine: 102\\nCodeLine: TODO: Throws an error if we don't set the date. 
Try to set it to null or something.\\n\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"299\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"VCG Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:24:00.128000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"5bf9791b69a7661dfcfac47b4284db7ff46f729ba30698d418e56c3f4c4f70db\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:24:00.131000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.745Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1152, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "300", - "object_id": 300, - "object_repr": "Password field with autocomplete enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password field with autocomplete enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the 
following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. 
\\n\"], \"id\": [\"None\", \"300\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:08.321000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.784Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1153, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "301", - "object_id": 301, - "object_repr": "Frameable response (potential Clickjacking)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Frameable response (potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: 
http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. 
However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \\n\"], \"id\": [\"None\", \"301\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:08.600000\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.831Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1154, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "302", - "object_id": 302, - "object_repr": "Cross-site scripting (reflected)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", 
\"Cross-site scripting (reflected)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. 
All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. 
If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \\n\"], \"id\": [\"None\", \"302\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], 
\"created\": [\"None\", \"2021-11-04 14:25:09.076000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.871Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1155, - "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "303", - "object_id": 303, - "object_repr": "Unencrypted communications", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unencrypted communications\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. 
This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"id\": [\"None\", \"303\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"static_finding\": [\"None\", \"False\"], 
\"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.291000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.915Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1156, + "pk": "hh7aa53kw2wh8y2qjhvhe77nmmgkpprg", "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "304", - "object_id": 304, - "object_repr": "Password returned in later response", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password returned in later response\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. 
This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"304\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.503000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:18.958Z", - "additional_data": null + "session_data": 
".eJxVjMsOgjAQRX_FdE2QRwvFpSsXmrg3hsx0iqBITR8rw79bowm6nHvOnCdrIfi-DU7bdiC2YTlLfjcEddPTG9AVpotJlZm8HTB9K-mXuvRgSI_br_sX6MH18Vs0HASXGUJdK55VgLyoC05CU4NdU6LGClVeUiMk5QpR5mUn6wKyEgsBMkbJXE2LVgMpG-7o2Ob0ZH7wo479nbnr6AQ7xmPN5mRBR2soKL_aD84vyuOzsvk8vwDdxlXd:1tgAX1:A2cnrBjS-SjpnonsUeWQnNJjfWT79Ahe-2WwfkEvp7c", + "expire_date": "2025-02-20T22:39:35.077Z" } }, { - "model": "auditlog.logentry", - "pk": 1157, + "model": "sessions.session", + "pk": "imsqmmk97qms70tz0e55yumkf5ehcfjw", "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "305", - "object_id": 305, - "object_repr": "Email addresses disclosed", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Email addresses disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the 
response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. 
Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"id\": [\"None\", \"305\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.709000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19Z", - "additional_data": null + "session_data": "YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-07-19T22:22:52.744Z" } }, { - "model": "auditlog.logentry", - "pk": 1158, + "model": "sessions.session", + "pk": "jd1dvmzg2kdst1dvjvd82xto3two999q", "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "306", - "object_id": 306, - "object_repr": "Cross-site request forgery", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": 
[\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cross-site request forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. 
Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"id\": [\"None\", \"306\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:09.990000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.044Z", - "additional_data": null + "session_data": 
"MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-19T07:37:14.206Z" } }, { - "model": "auditlog.logentry", - "pk": 1159, + "model": "sessions.session", + "pk": "nrksf0iuveua4cjxcy9m5i5nvvnswks0", "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "307", - "object_id": 307, - "object_repr": "SQL injection", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL injection\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. 
You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. \\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. 
It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. 
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. \\n\"], \"id\": [\"None\", \"307\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:10.214000\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.086Z", - "additional_data": null + "session_data": 
"MWJhOTUzZGJkYzRjOTcxYjg0YmNmNjQ2M2FjZTA1Y2I3YjQwMWU5Njp7ImRvam9fYnJlYWRjcnVtYnMiOlt7InVybCI6Ii8iLCJ0aXRsZSI6IkhvbWUifSx7InVybCI6Ii9wcm9kdWN0IiwidGl0bGUiOiJQcm9kdWN0IExpc3QifV0sIl9hdXRoX3VzZXJfaGFzaCI6ImM2YWE4OTg3OGRjMjJjMzc1MDkxMjVjMGE5ZTlhM2NlMjM3OWY4NGMiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-11-19T12:12:49.262Z" } }, { - "model": "auditlog.logentry", - "pk": 1160, + "model": "sessions.session", + "pk": "ocg999bmxmjn5q2ebcddpzbr1a3ewpvt", "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "308", - "object_id": 308, - "object_repr": "Path-relative style sheet import", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Path-relative style sheet import\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. 
This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. 
Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"id\": [\"None\", \"308\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:10.480000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.132Z", - "additional_data": null + "session_data": 
"YjUxNTgzNmRiYzZiOWEwYzZlZDIyZDE4YTcxNmJkYTBmNWZiYWJiMDp7Il9hdXRoX3VzZXJfaGFzaCI6ImNhYmY1YzMzZTJlNTFkODUyNzQ0OWZjODE4YjJiNTVjMDlmNzU4NDAiLCJfYXV0aF91c2VyX2JhY2tlbmQiOiJkamFuZ28uY29udHJpYi5hdXRoLmJhY2tlbmRzLk1vZGVsQmFja2VuZCIsIl9hdXRoX3VzZXJfaWQiOiIxIn0=", + "expire_date": "2021-07-16T00:21:49.329Z" } }, { - "model": "auditlog.logentry", - "pk": 1161, + "model": "sites.site", "fields": { - "content_type": [ - "dojo", - "test_import" - ], - "object_pk": "309", - "object_id": 309, - "object_repr": "Cleartext submission of password", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cleartext submission of password\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. 
Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"309\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:25:29.015000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 14:25:10.892000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.177Z", - "additional_data": null + "domain": "example.com", + "name": "example.com" } }, { - "model": "auditlog.logentry", - "pk": 1162, + "model": "admin.logentry", + "pk": 1, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-07-02T00:22:01.258Z", + "user": [ + "admin" ], - "object_pk": "310", - "object_id": 310, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. 
Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 59\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(notFound)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"310\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:08.495000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:08.498000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.221Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1163, - "fields": { "content_type": [ - "dojo", - "test_import" + "auth", + "user" ], - "object_pk": "311", - "object_id": 311, - "object_repr": "this method will not auto-escape HTML. 
Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 58\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"311\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:08.748000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:08.751000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.260Z", - "additional_data": null + "object_id": "2", + "object_repr": "user1", + "action_flag": 1, + "change_message": 
"[{\"added\": {}}]" } }, { - "model": "auditlog.logentry", - "pk": 1164, + "model": "admin.logentry", + "pk": 2, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-07-02T00:22:09.722Z", + "user": [ + "admin" ], - "object_pk": "312", - "object_id": 312, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 165\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"312\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.021000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.023000\"], 
\"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.298Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1165, - "fields": { "content_type": [ - "dojo", - "test_import" + "auth", + "user" ], - "object_pk": "313", - "object_id": 313, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 82\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"313\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.244000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], 
\"created\": [\"None\", \"2021-11-04 14:45:09.246000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.338Z", - "additional_data": null + "object_id": "3", + "object_repr": "user2", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" } }, { - "model": "auditlog.logentry", - "pk": 1166, + "model": "admin.logentry", + "pk": 3, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T08:57:11.661Z", + "user": [ + "admin" ], - "object_pk": "314", - "object_id": 314, - "object_repr": "SQL string formatting-G201", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL string formatting-G201\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/sqli/function.go\\nLine number: 36-39\\nIssue Confidence: HIGH\\n\\nCode:\\nfmt.Sprintf(`SELECT p.user_id, p.full_name, p.city, p.phone_number \\n\\t\\t\\t\\t\\t\\t\\t\\tFROM Profile as p,Users as u \\n\\t\\t\\t\\t\\t\\t\\t\\twhere p.user_id = u.id \\n\\t\\t\\t\\t\\t\\t\\t\\tand u.id=%s`,uid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"314\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", 
\"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.431000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"929fb1c92b7a2aeeca7affb985361e279334bf9c72f1dd1e6120cfc134198ddd\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/sqli/function.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.434000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.387Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1167, - "fields": { "content_type": [ "dojo", "test_import" ], - "object_pk": "315", - "object_id": 315, - "object_repr": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"315\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], 
\"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.630000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"58ce5492f2393592d59ae209ae350b52dc807c0418ebb0f7421c428dba7ce6a5\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.633000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.433Z", - "additional_data": null + "object_id": "6", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" } }, { - "model": "auditlog.logentry", - "pk": 1168, + "model": "admin.logentry", + "pk": 4, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T08:57:21.204Z", + "user": [ + "admin" ], - "object_pk": "316", - "object_id": 316, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 124\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"316\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec 
Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:09.840000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:09.843000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.478Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1169, - "fields": { "content_type": [ "dojo", "test_import" ], - "object_pk": "317", - "object_id": 317, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 63\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"317\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", 
\"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.049000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"847363e3519e008224db4a0be2e123b779d1d7e8e9a26c9ff7fb09a1f8e010af\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.052000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.523Z", - "additional_data": null + "object_id": "4", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" } }, { - "model": "auditlog.logentry", - "pk": 1170, + "model": "admin.logentry", + "pk": 5, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T08:57:32.008Z", + "user": [ + "admin" ], - "object_pk": "318", - "object_id": 318, - "object_repr": "Use of weak cryptographic primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], 
\"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 164\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"318\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.279000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"01b1dd016d858a85a8d6ff3b60e68d5073f35b3d853c8cc076c2a65b22ddd37f\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.281000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.561Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1171, - "fields": { "content_type": [ "dojo", "test_import" ], - "object_pk": "319", - "object_id": 319, - "object_repr": "Use of weak cryptographic primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": 
[\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 160\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"319\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.485000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"493bcf78ff02a621a02c282a3f85008d5c2d9aeaea342252083d3f66af9895b4\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.488000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.595Z", - "additional_data": null + "object_id": "2", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" } }, { - "model": "auditlog.logentry", - "pk": 1172, + "model": "admin.logentry", + "pk": 6, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T08:58:15.735Z", + "user": [ + "admin" ], - "object_pk": "320", - "object_id": 320, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 
0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 35\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write(b)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"320\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.677000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.679000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.641Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1173, - "fields": { "content_type": [ "dojo", "test_import" ], - "object_pk": "321", - "object_id": 321, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 
0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 70\\nIssue Confidence: HIGH\\n\\nCode:\\nsqlmapDetected, _ := regexp.MatchString(\\\"sqlmap*\\\", userAgent)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"321\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:10.869000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:10.872000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.685Z", - "additional_data": null + "object_id": "3", + "object_repr": "High Impact test finding", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"severity\"]}}]" } 
}, { - "model": "auditlog.logentry", - "pk": 1174, + "model": "admin.logentry", + "pk": 7, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T08:58:43.433Z", + "user": [ + "admin" ], - "object_pk": "322", - "object_id": 322, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/middleware/middleware.go\\nLine number: 73\\nIssue Confidence: HIGH\\n\\nCode:\\nw.Write([]byte(\\\"Forbidden\\\"))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"322\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.062000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"0e0592103f29773f1fcf3ec4d2bbadd094b71c0ed693fd7f437f21b1a7f466de\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/middleware/middleware.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.065000\"], \"status_finding\": 
[\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.729Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1175, - "fields": { "content_type": [ "dojo", "test_import" ], - "object_pk": "323", - "object_id": 323, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/app.go\\nLine number: 79\\nIssue Confidence: HIGH\\n\\nCode:\\ns.ListenAndServe()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"323\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.239000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2573d64a8468fbbc714c4aa527a5e4f25c8283cbc2b538150e9405141fa47a95\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/app.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.242000\"], \"status_finding\": [\"None\", 
\"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.772Z", - "additional_data": null + "object_id": "5", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" } }, { - "model": "auditlog.logentry", - "pk": 1176, + "model": "admin.logentry", + "pk": 8, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T08:58:43.474Z", + "user": [ + "admin" ], - "object_pk": "324", - "object_id": 324, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 62\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(value)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"324\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.433000\"], \"last_reviewed_by\": [\"None\", \"admin\"], 
\"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.435000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.815Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1177, - "fields": { "content_type": [ "dojo", "test_import" ], - "object_pk": "325", - "object_id": 325, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 63\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(vuln)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"325\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": 
[\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.620000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.622000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.860Z", - "additional_data": null + "object_id": "7", + "object_repr": "DUMMY FINDING", + "action_flag": 3, + "change_message": "" } }, { - "model": "auditlog.logentry", - "pk": 1178, + "model": "admin.logentry", + "pk": 9, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T08:58:43.495Z", + "user": [ + "admin" ], - "object_pk": "326", - "object_id": 326, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 66\\nIssue Confidence: HIGH\\n\\nCode:\\n_ = db.QueryRow(sql).Scan(&version)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"326\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": 
[\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.797000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.800000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.903Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1179, - "fields": { "content_type": [ "dojo", "test_import" ], - "object_pk": "327", - "object_id": 327, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/setting/setting.go\\nLine number: 64\\nIssue Confidence: HIGH\\n\\nCode:\\ndb,_ := database.Connect()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"327\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], 
\"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:11.990000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"6a2543c093ae3492085ed185e29728240264e6b42d20e2594afa0e3bde0df7ed\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/setting/setting.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:11.992000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.943Z", - "additional_data": null + "object_id": "6", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" } }, { - "model": "auditlog.logentry", - "pk": 1180, + "model": "admin.logentry", + "pk": 10, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T08:58:43.501Z", + "user": [ + "admin" ], - "object_pk": "328", - "object_id": 328, - "object_repr": "Use of weak cryptographic primitive-G401", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Use of weak cryptographic primitive-G401\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 62\\nIssue Confidence: HIGH\\n\\nCode:\\nmd5.New()\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"328\"], \"references\": [\"None\", \"\"], 
\"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.172000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"409f83523798dff3b0158749c30b73728e1d3b193b51ee6cd1c6cd37c372d692\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.175000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:19.982Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1181, - "fields": { "content_type": [ "dojo", "test_import" ], - "object_pk": "329", - "object_id": 329, - "object_repr": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/csa/csa.go\\nLine number: 7\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", 
\"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"329\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.359000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"822e39e3de094312f76b22d54357c8d7bbd9b015150b89e2664d45a9bba989e1\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/csa/csa.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.361000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.022Z", - "additional_data": null + "object_id": "4", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" } }, { - "model": "auditlog.logentry", - "pk": 1182, + "model": "admin.logentry", + "pk": 11, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T08:58:43.507Z", + "user": [ + "admin" ], - "object_pk": "330", - "object_id": 330, - "object_repr": "Blacklisted import crypto/md5: weak cryptographic primitive-G501", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Blacklisted import crypto/md5: weak cryptographic primitive-G501\"], 
\"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 8\\nIssue Confidence: HIGH\\n\\nCode:\\n\\\"crypto/md5\\\"\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"330\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.552000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1569ac5fdd45a35ee5a0d1b93c485a834fbdc4fb9b73ad56414335ad9bd862ca\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.555000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.064Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1183, - "fields": { "content_type": [ "dojo", "test_import" ], - "object_pk": "331", - "object_id": 331, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", 
\"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/cookie.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\ncookie, _ := r.Cookie(name)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"331\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.737000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"9b2ac951d86e5d4cd419cabdea51aca6a3aaadef4bae8683c655bdba8427669a\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/cookie.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.739000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.108Z", - "additional_data": null + "object_id": "3", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" } }, { - "model": "auditlog.logentry", - "pk": 1184, + "model": "admin.logentry", + "pk": 12, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T08:58:43.512Z", + "user": [ + "admin" ], - "object_pk": "332", - "object_id": 332, - 
"object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 42\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"332\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:12.979000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:12.982000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.149Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1185, - "fields": { "content_type": [ "dojo", "test_import" ], - "object_pk": 
"333", - "object_id": 333, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/xss/xss.go\\nLine number: 100\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(inlineJS)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"333\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:13.202000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"ac6eead6ef51634c47bbe1a2722fda95f0772202132e9a94d78b314a454533a9\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/xss/xss.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.204000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.186Z", - "additional_data": null 
+ "object_id": "2", + "object_repr": "High Impact test finding", + "action_flag": 3, + "change_message": "" } }, { - "model": "auditlog.logentry", - "pk": 1186, + "model": "admin.logentry", + "pk": 13, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T09:00:09.825Z", + "user": [ + "admin" ], - "object_pk": "334", - "object_id": 334, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/vulnerability/idor/idor.go\\nLine number: 61\\nIssue Confidence: HIGH\\n\\nCode:\\np.GetData(sid)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"334\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:13.417000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"b07a2dcd65f4741740291c39b71bc9312b4a0327196594046d6c48421c2ceea3\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/vulnerability/idor/idor.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", 
\"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.420000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.226Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1187, - "fields": { "content_type": [ "dojo", - "test_import" + "jira_issue" ], - "object_pk": "335", - "object_id": 335, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/user/user.go\\nLine number: 161\\nIssue Confidence: HIGH\\n\\nCode:\\nhasher.Write([]byte(text))\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"335\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:13.631000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"27a0fde11f7ea3c405d889bde32e8fe532dc07017d6329af39726761aca0a5aa\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/user/user.go\"], \"static_finding\": [\"None\", \"True\"], 
\"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.635000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.267Z", - "additional_data": null + "object_id": "1", + "object_repr": "Java", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" } }, { - "model": "auditlog.logentry", - "pk": 1188, + "model": "admin.logentry", + "pk": 14, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T09:13:05.793Z", + "user": [ + "admin" ], - "object_pk": "336", - "object_id": 336, - "object_repr": "Errors unhandled.-G104", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Errors unhandled.-G104\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 41\\nIssue Confidence: HIGH\\n\\nCode:\\ntemplate.ExecuteTemplate(w, name, data)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"336\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:13.917000\"], 
\"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a1db5cdf4a0ef0f4b09c2e5205dd5d8ccb3522f5d0c92892c52f5bc2f81407ab\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:13.920000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.306Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1189, - "fields": { "content_type": [ "dojo", - "test_import" + "jira_issue" ], - "object_pk": "337", - "object_id": 337, - "object_repr": "this method will not auto-escape HTML. Verify data is well formed.-G203", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"this method will not auto-escape HTML. 
Verify data is well formed.-G203\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"url\": [\"None\", \"N/A\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"Filename: /vagrant/go/src/govwa/util/template.go\\nLine number: 45\\nIssue Confidence: LOW\\n\\nCode:\\ntemplate.HTML(text)\\n\"], \"mitigation\": [\"None\", \"coming soon\"], \"impact\": [\"None\", \"\"], \"id\": [\"None\", \"337\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Gosec Scanner\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 14:45:14.148000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2f4ca826c1093b3fc8c55005f600410d9626704312a6a958544393f936ef9a66\"], \"file_path\": [\"None\", \"/vagrant/go/src/govwa/util/template.go\"], \"static_finding\": [\"None\", \"True\"], \"dynamic_finding\": [\"None\", \"False\"], \"created\": [\"None\", \"2021-11-04 14:45:14.152000\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.345Z", - "additional_data": null + "object_id": "4", + "object_repr": "XML", + "action_flag": 1, + "change_message": "[{\"added\": {}}]" } }, { - "model": "auditlog.logentry", - "pk": 1190, + "model": "admin.logentry", + "pk": 15, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T09:14:00.425Z", + "user": [ + "admin" ], - "object_pk": "338", - "object_id": 338, - 
"object_repr": "Password field with autocomplete enabled", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password field with autocomplete enabled\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields with autocomplete enabled:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field with autocomplete enabled:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo prevent browsers from storing credentials entered into HTML forms, include the attribute **autocomplete=\\\"off\\\"** within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).\\n\\nPlease note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.\\n\"], \"impact\": [\"None\", \"Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. 
If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.\\n\\nThe stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials. \\n\"], \"id\": [\"None\", \"338\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:56.374000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:56.377000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.391Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1191, - "fields": { "content_type": [ "dojo", - "test_import" + "jira_issue" ], - "object_pk": "339", - "object_id": 339, - "object_repr": "Frameable response (potential Clickjacking)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], 
\"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Frameable response (potential Clickjacking)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/logout.jsp\\n\\n\\nURL: http://localhost:8888/\\n\\n\\nURL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nTo effectively prevent framing attacks, the application should return a response header with the name **X-Frame-Options** and the value **DENY** to prevent framing altogether, or the value **SAMEORIGIN** to allow framing only by pages on the same origin as the response itself. Note that the SAMEORIGIN header can be partially bypassed if the application itself can be made to frame untrusted websites.\\n\"], \"impact\": [\"None\", \"If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker's page overlays the target application's interface with a different interface provided by the attacker. 
By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.\\n\\nNote that some applications attempt to prevent these attacks from within the HTML page itself, using \\\"framebusting\\\" code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.\\n\\nYou should determine whether any functions accessible within frameable pages can be used by application users to perform any sensitive actions within the application. \\n\"], \"id\": [\"None\", \"339\"], \"references\": [\"None\", \"\\n\\n * [X-Frame-Options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:56.664000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:56.668000\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": 
"2025-01-09T17:47:20.432Z", - "additional_data": null + "object_id": "3", + "object_repr": "JavaScript", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", \"blank\", \"comment\", \"code\"]}}]" } }, { - "model": "auditlog.logentry", - "pk": 1192, + "model": "admin.logentry", + "pk": 16, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T09:20:33.497Z", + "user": [ + "admin" ], - "object_pk": "340", - "object_id": 340, - "object_repr": "Cross-site scripting (reflected)", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cross-site scripting (reflected)\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe value of the **q** request parameter is copied into the HTML document as plain text between tags. The payload **k8fto nwx3l** was submitted in the q parameter. This input was echoed unmodified in the application's response. \\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe value of the **username** request parameter is copied into the HTML document as plain text between tags. The payload **yf136 jledu** was submitted in the username parameter. This input was echoed unmodified in the application's response. 
\\n \\nThis proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nIn most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:\\n\\n * Input should be validated as strictly as possible on arrival, given the kind of content that it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitized.\\n * User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > \\\" ' and =, should be replaced with the corresponding HTML entities (< > etc).\\n\\n\\n\\nIn cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.\\n\"], \"impact\": [\"None\", \"Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. 
An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.\\n\\nThe attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.\\n\\nUsers can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).\\n\\nThe security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. 
Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk. \\n\"], \"id\": [\"None\", \"340\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Find XSS issues](https://support.portswigger.net/customer/portal/articles/1965737-Methodology_XSS.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.169000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"d0353a775431e2fcf6ba2245bba4a11a68a0961e4f6baba21095c56e4c52287c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.173000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.479Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1193, - "fields": { "content_type": [ "dojo", - "test_import" + "notification_webhooks" ], - "object_pk": 
"341", - "object_id": 341, - "object_repr": "Unencrypted communications", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Unencrypted communications\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Low\"], \"description\": [\"None\", \"URL: http://localhost:8888/\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.\\n\"], \"impact\": [\"None\", \"The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.\\n\\nTo exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. 
Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. \\n\\nPlease note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.\\n\"], \"id\": [\"None\", \"341\"], \"references\": [\"None\", \"\\n\\n * [Marking HTTP as non-secure](https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure)\\n * [Configuring Server-Side SSL/TLS](https://wiki.mozilla.org/Security/Server_Side_TLS)\\n * [HTTP Strict Transport Security](https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S3\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.467000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"7b79656db5b18827a177cdef000720f62cf139c43bfbb8f1f6c2e1382e28b503\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.469000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.526Z", - "additional_data": null + "object_id": "1", + "object_repr": "Tomcat | Bodgeit", + "action_flag": 1, 
+ "change_message": "[{\"added\": {}}]" } }, { - "model": "auditlog.logentry", - "pk": 1194, + "model": "admin.logentry", + "pk": 17, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-04T13:06:05.480Z", + "user": [ + "admin" ], - "object_pk": "342", - "object_id": 342, - "object_repr": "Password returned in later response", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Password returned in later response\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Medium\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThere is usually no good reason for an application to return users' passwords in its responses. If user impersonation is a business requirement this would be better implemented as a custom function with associated logging.\\n\"], \"impact\": [\"None\", \"Some applications return passwords submitted to the application in clear form in later responses. This behavior increases the risk that users' passwords will be captured by an attacker. Many types of vulnerability, such as weaknesses in session handling, broken access controls, and cross-site scripting, could enable an attacker to leverage this behavior to retrieve the passwords of other application users. This possibility typically exacerbates the impact of those other vulnerabilities, and in some situations can enable an attacker to quickly compromise the entire application.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"342\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S2\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.725000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"a073a661ec300f853780ebd20d17abefb6c3bcf666776ddea1ab2e3e3c6d9428\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.728000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.568Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1195, - "fields": { "content_type": [ "dojo", - "test_import" + "jira_issue" ], - "object_pk": "343", - "object_id": 343, - "object_repr": "Email addresses disclosed", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Email addresses disclosed\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe following email 
addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe following email addresses were disclosed in the response:\\n\\n * admin@thebodgeitstore.com\\n * test@test.com\\n * test@thebodgeitstore.com\\n * user1@thebodgeitstore.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe following email address was disclosed in the response:\\n\\n * test@test.com\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nConsider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).\\n\\nTo reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead providing a form that generates the email server-side, protected by a CAPTCHA if necessary. \\n\"], \"impact\": [\"None\", \"The presence of email addresses within application responses does not necessarily constitute a security vulnerability. 
Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.\\n\\nHowever, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.\\n\"], \"id\": [\"None\", \"343\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:57.976000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"2b9640feda092762b423f98809677e58d24ccd79c948df2e052d3f22274ebe8f\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:57.978000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.610Z", - "additional_data": null + "object_id": "2", + "object_repr": "Python", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"user\", \"files\", 
\"blank\", \"comment\", \"code\"]}}]" } }, { - "model": "auditlog.logentry", - "pk": 1196, + "model": "admin.logentry", + "pk": 18, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-05T07:13:16.077Z", + "user": [ + "admin" ], - "object_pk": "344", - "object_id": 344, - "object_repr": "Cross-site request forgery", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cross-site request forgery\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right, however it may facilitate exploitation of other vulnerabilities affecting application users.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.\\n\\nAn alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. 
However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses. \\n\"], \"impact\": [\"None\", \"Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:\\n\\n * The request can be issued cross-domain, for example using an HTML form. If the request contains non-standard headers or body content, then it may only be issuable from a page that originated on the same domain.\\n * The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the request. If the application places session-related tokens elsewhere within the request, then it may not be vulnerable.\\n * The request performs some privileged action within the application, which modifies the application's state based on the identity of the issuing user.\\n * The attacker can determine all the parameters required to construct a request that performs the action. 
If the request contains any values that the attacker cannot determine or predict, then it is not vulnerable.\\n\\n\\n\"], \"id\": [\"None\", \"344\"], \"references\": [\"None\", \"\\n\\n * [Using Burp to Test for Cross-Site Request Forgery](https://support.portswigger.net/customer/portal/articles/1965674-using-burp-to-test-for-cross-site-request-forgery-csrf-)\\n * [The Deputies Are Still Confused](https://media.blackhat.com/eu-13/briefings/Lundeen/bh-eu-13-deputies-still-confused-lundeen-wp.pdf)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:58.316000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"1c732e92e6e9b89c90bd4ef40579d4c06791cc635e6fb16c00f2d443c5922ffa\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:58.319000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.655Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1197, - "fields": { "content_type": [ - "dojo", - "test_import" + "auth", + "user" ], - "object_pk": "345", - "object_id": 345, - "object_repr": "SQL injection", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", 
\"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"SQL injection\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **username** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe **password** parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe **b_id** cookie appears to be vulnerable to SQL injection attacks. The payload **'** was submitted in the b_id cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. 
\\n \\nThe database appears to be Microsoft SQL Server.\\n\\n\"], \"mitigation\": [\"None\", \"The application should handle errors gracefully and prevent SQL error messages from being returned in responses. \\n\\n\\nThe most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize _every_ variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.\\n\\nYou should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective: \\n\\n * One common defense is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defense is designed to prevent malformed data from terminating the string into which it is inserted. However, if the data being incorporated into queries is numeric, then the defense may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. 
Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defense to be bypassed.\\n * Another often cited defense is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.\\n\\n\\n\"], \"impact\": [\"None\", \"SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.\\n\\nA wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server. 
\\n\"], \"id\": [\"None\", \"345\"], \"references\": [\"None\", \"\\n * [Using Burp to Test for Injection Flaws](https://support.portswigger.net/customer/portal/articles/1965677-using-burp-to-test-for-injection-flaws)\\n * [SQL Injection Cheat Sheet](http://websec.ca/kb/sql_injection)\\n * [SQL Injection Prevention Cheat Sheet](https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:58.571000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"31215cff140491cdd84abb9246ad91145069efda2bdb319b75e2ee916219178a\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:58.575000\"], \"scanner_confidence\": [\"None\", \"4\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.700Z", - "additional_data": null + "object_id": "1", + "object_repr": "admin", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" } }, { - "model": "auditlog.logentry", - "pk": 1198, + "model": "admin.logentry", + "pk": 19, "fields": { - "content_type": [ - "dojo", - "test_import" + "action_time": "2021-11-05T07:13:53.435Z", + "user": [ + "admin" ], - "object_pk": "346", - "object_id": 346, - "object_repr": "Path-relative style sheet import", - 
"serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Path-relative style sheet import\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"Info\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/search.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/logout.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/score.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. 
Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/product.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. 
The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/home.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/contact.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). 
The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/admin.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/advanced.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. 
The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/basket.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. 
\\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/about.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) 
This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\nURL: http://localhost:8888/bodgeit/\\n\\nThe application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. 
(Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present. \\n \\nBurp was not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nThe root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures: \\n\\n * Setting the HTTP response header \\\"X-Frame-Options: deny\\\" in all responses. One method that an attacker can use to make a page render in quirks mode is to frame it within their own page that is rendered in quirks mode. Setting this header prevents the page from being framed.\\n * Setting a modern doctype (e.g. \\\"\\\") in all HTML responses. This prevents the page from being rendered in quirks mode (unless it is being framed, as described above).\\n * Setting the HTTP response header \\\"X-Content-Type-Options: no sniff\\\" in all responses. This prevents the browser from processing a non-CSS response as CSS, even if another page loads the response via a style sheet import.\\n\\n\\n\"], \"impact\": [\"None\", \"Path-relative style sheet import vulnerabilities arise when the following conditions hold:\\n\\n 1. A response contains a style sheet import that uses a path-relative URL (for example, the page at \\\"/original-path/file.php\\\" might import \\\"styles/main.css\\\").\\n 2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, \\\"/original-path/file.php/extra-junk/\\\"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.\\n 3. 
The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.\\n 4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL \\\"/original-path/file.php/extra-junk/styles/main.css\\\"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.\\n 5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.\\n\\n\\n\\nGiven the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate. 
Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:\\n\\n * Executing arbitrary JavaScript using IE's expression() function.\\n * Using CSS selectors to read parts of the HTML source, which may include sensitive data such as anti-CSRF tokens.\\n * Capturing any sensitive data within the URL query string by making a further style sheet import to a URL on the attacker's domain, and monitoring the incoming Referer header.\\n\\n\\n\"], \"id\": [\"None\", \"346\"], \"references\": [\"None\", \"\\n * [Detecting and exploiting path-relative stylesheet import (PRSSI) vulnerabilities](http://blog.portswigger.net/2015/02/prssi.html)\\n\\n\\n\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S4\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:58.868000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"e2a968190c3c79023378ef6f30612b6119bc867f303aafc91eb3bd191d05b90d\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:58.871000\"], \"scanner_confidence\": [\"None\", \"7\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.747Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1199, - "fields": { "content_type": [ - "dojo", - "test_import" + "auth", + "user" ], - "object_pk": "347", - "object_id": 347, 
- "object_repr": "Cleartext submission of password", - "serialized_data": null, - "action": 0, - "changes": "{\"original_finding\": [\"None\", \"dojo.Finding.None\"], \"finding\": [\"None\", \"dojo.Cred_Mapping.None\"], \"title\": [\"None\", \"Cleartext submission of password\"], \"date\": [\"None\", \"2021-11-03\"], \"cwe\": [\"None\", \"0\"], \"severity\": [\"None\", \"High\"], \"description\": [\"None\", \"URL: http://localhost:8888/bodgeit/password.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/password.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/register.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/register.jsp\\n\\nThe form contains the following password fields:\\n * password1\\n * password2\\n\\n\\n\\nURL: http://localhost:8888/bodgeit/login.jsp\\n\\nThe page contains a form with the following action URL, which is submitted over clear-text HTTP:\\n\\n * http://localhost:8888/bodgeit/login.jsp\\n\\nThe form contains the following password field:\\n * password\\n\\n\\n\\n\"], \"mitigation\": [\"None\", \"\\n\\nApplications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. 
If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.\\n\"], \"impact\": [\"None\", \"Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.\\n\\nVulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. 
Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.\\n\"], \"id\": [\"None\", \"347\"], \"references\": [\"None\", \"\"], \"finding_meta\": [\"None\", \"dojo.DojoMeta.None\"], \"test\": [\"None\", \"Burp Scan\"], \"active\": [\"None\", \"True\"], \"verified\": [\"None\", \"True\"], \"false_p\": [\"None\", \"False\"], \"duplicate\": [\"None\", \"False\"], \"out_of_scope\": [\"None\", \"False\"], \"risk_accepted\": [\"None\", \"False\"], \"under_review\": [\"None\", \"False\"], \"under_defect_review\": [\"None\", \"False\"], \"is_mitigated\": [\"None\", \"False\"], \"thread_id\": [\"None\", \"0\"], \"reporter\": [\"None\", \"admin\"], \"numerical_severity\": [\"None\", \"S1\"], \"last_reviewed\": [\"None\", \"2021-11-04 18:20:59.333000\"], \"last_reviewed_by\": [\"None\", \"admin\"], \"hash_code\": [\"None\", \"cef2dcb7c7787157edc70e85d5017e72d1dbca1fd80909f5d76cda85a9bdec2c\"], \"static_finding\": [\"None\", \"False\"], \"dynamic_finding\": [\"None\", \"True\"], \"created\": [\"None\", \"2021-11-04 18:20:59.337000\"], \"scanner_confidence\": [\"None\", \"1\"], \"status_finding\": [\"None\", \"dojo.Endpoint_Status.None\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.793Z", - "additional_data": null + "object_id": "2", + "object_repr": "product_manager", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"password\"]}}]" } }, { - "model": "auditlog.logentry", - "pk": 1200, + "model": "admin.logentry", + "pk": 20, "fields": { - "content_type": [ - "dojo", - "finding" + "action_time": "2021-11-05T07:21:45.543Z", + "user": [ + "admin" ], - "object_pk": "1", - "object_id": 1, - "object_repr": "XSS template", - "serialized_data": null, - "action": 0, - "changes": "{\"description\": [\"None\", \"XSS test template\"], \"mitigation\": [\"None\", \"\"], \"impact\": [\"None\", \"\"], \"references\": [\"None\", \"\"], 
\"template_match\": [\"None\", \"False\"], \"template_match_title\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"], \"title\": [\"None\", \"XSS template\"], \"severity\": [\"None\", \"HIGH\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:20.836Z", - "additional_data": null - } -}, -{ - "model": "auditlog.logentry", - "pk": 1203, - "fields": { "content_type": [ - "dojo", - "finding_group" + "auth", + "user" ], - "object_pk": "1", - "object_id": 1, - "object_repr": "Simple Builtin Risk Acceptance", - "serialized_data": null, - "action": 0, - "changes": "{\"created\": [\"None\", \"2024-01-28 23:13:08.520000\"], \"name\": [\"None\", \"Simple Builtin Risk Acceptance\"], \"recommendation\": [\"None\", \"F\"], \"decision\": [\"None\", \"A\"], \"decision_details\": [\"None\", \"These findings are accepted using a simple risk acceptance without expiration date, approval document or compensating control information. Unaccept and use full risk acceptance if you need to have more control over those fields.\"], \"path\": [\"None\", \"\"], \"owner\": [\"None\", \"(admin)\"], \"reactivate_expired\": [\"None\", \"True\"], \"restart_sla_expired\": [\"None\", \"False\"], \"id\": [\"None\", \"1\"], \"updated\": [\"None\", \"2024-01-28 23:13:08.520000\"]}", - "actor": null, - "remote_addr": null, - "timestamp": "2025-01-09T17:47:21.137Z", - "additional_data": null + "object_id": "2", + "object_repr": "product_manager", + "action_flag": 2, + "change_message": "[{\"changed\": {\"fields\": [\"is_staff\"]}}]" } }, { @@ -16886,6 +834,10 @@ "enable_notify_sla_exponential_backoff": false, "allow_anonymous_survey_repsonse": false, "credentials": "", + "disclaimer_notifications": "", + "disclaimer_reports": "", + "disclaimer_reports_forced": false, + "disclaimer_notes": "", "risk_acceptance_form_default_days": 180, "risk_acceptance_notify_before_expiration": 10, "enable_credentials": true, 
@@ -18666,10 +2618,10 @@ ], "created": null, "prod_type": 3, - "updated": null, + "updated": "2025-02-06T22:39:22.655Z", "sla_configuration": 1, "tid": 0, - "prod_numeric_grade": null, + "prod_numeric_grade": 100, "business_criticality": "high", "platform": "web", "lifecycle": "production", @@ -73238,6 +57190,24 @@ "meta_encoded": "{\"status\": \"Active, Verified\", \"jira_issue__jira_key\": \"\", \"test__engagement__product__name\": \"Internal CRM App\", \"severity\": \"Info\", \"severity_display\": \"Info\", \"latest_note\": \"\"}" } }, +{ + "model": "watson.searchentry", + "pk": 777, + "fields": { + "engine_slug": "default", + "content_type": [ + "dojo", + "product" + ], + "object_id": "3", + "object_id_int": 3, + "title": "Apple Accounting Software", + "description": "", + "content": "Apple Accounting Software Accounting software is typically composed of various modules, different sections dealing with particular areas of accounting. Among the most common are:\r\n\r\n**Core modules**\r\n\r\n* Accounts receivable—where the company enters money received\r\n* Accounts payable—where the company enters its bills and pays money it owes\r\n* General ledger—the company's \"books\"\r\n* Billing—where the company produces invoices to clients/customers high web production purchased 3 Billing", + "url": "/product/3", + "meta_encoded": "{\"prod_type__name\": \"Billing\"}" + } +}, { "model": "authtoken.token", "pk": "184770c4c3256aba904297610fbb4da3fa15ba39", diff --git a/unittests/test_sample_data.py b/unittests/test_sample_data.py index f6a4db6d8a1..9d83bc9426a 100644 --- a/unittests/test_sample_data.py +++ b/unittests/test_sample_data.py @@ -11,6 +11,7 @@ def test_loaddata(self): python3 manage.py dumpdata \ --exclude auth.permission \ --exclude contenttypes \ + --exclude auditlog.logentry \ --natural-foreign \ --natural-primary \ --indent 2 \ From 605ccf082020eb8b9b34316c7ce45cb107f9360d Mon Sep 17 00:00:00 2001 
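Review bot: The `dumpdata` command documented in `test_loaddata` (hunk at -11 of unittests/test_sample_data.py) now excludes `auditlog.logentry`, but nothing next to it says why. The fixture regenerated in this same commit still carries `admin.logentry` rows and an `authtoken.token` row. I would add one line above the command giving the reason for the new exclusion, and a second stating that the sample data ships a fixed API token and known accounts, so it belongs only in throwaway instances. If the demo does not rely on that token, adding `--exclude authtoken.token \` to the command would keep it out of future dumps. The body of `test_loaddata` continues outside the hunk.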
From: Charles Neill <1749665+cneill@users.noreply.github.com> Date: Fri, 7 Feb 2025 11:50:08 -0600 Subject: [PATCH 8/9] Fixing call to date_parser in AWS Inspector2 parser (#11767) * Fixing call to date_parser in AWS Inspector parser * Tweaked unit test * Linter fix --- dojo/tools/aws_inspector2/parser.py | 14 +++++++------- .../aws_inspector2/aws_inspector2_many_vul.json | 4 ++-- unittests/tools/test_aws_inspector2_parser.py | 6 ++++++ 3 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/dojo/tools/aws_inspector2/parser.py b/dojo/tools/aws_inspector2/parser.py
index 2281992c81e..b82cdf3466d 100644
--- a/dojo/tools/aws_inspector2/parser.py
+++ b/dojo/tools/aws_inspector2/parser.py
@@ -86,7 +86,7 @@ def get_base_finding(self, raw_finding: dict) -> Finding:
 is_mitigated = True
 active = False
 if (last_observed := raw_finding.get("lastObservedAt")) is not None:
- mitigated = date_parser(last_observed)
+ mitigated = date_parser.parse(last_observed)
 else:
 mitigated = datetime.now(UTC)
 finding.active = active
@@ -102,11 +102,11 @@ def get_package_vulnerability(self, finding: Finding, raw_finding: dict) -> Find
 vulnerability_packages_descriptions = "\n".join(
 [
 (
- f'*Vulnerable package*: {vulnerability_package.get("name", "N/A")}\n'
- f'\tpackage manager: {vulnerability_package.get("packageManager", "N/A")}\n'
- f'\tversion: {vulnerability_package.get("version", "N/A")}\n'
- f'\tfixed version: {vulnerability_package.get("fixedInVersion", "N/A")}\n'
- f'\tremediation: {vulnerability_package.get("remediation", "N/A")}\n'
+ f"*Vulnerable package*: {vulnerability_package.get('name', 'N/A')}\n"
+ f"\tpackage manager: {vulnerability_package.get('packageManager', 'N/A')}\n"
+ f"\tversion: {vulnerability_package.get('version', 'N/A')}\n"
+ f"\tfixed version: {vulnerability_package.get('fixedInVersion', 'N/A')}\n"
+ f"\tremediation: {vulnerability_package.get('remediation', 'N/A')}\n"
 )
 for vulnerability_package in vulnerability_details.get("vulnerablePackages", [])
 ],
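Review bot: In `get_base_finding` (hunk at -86), `date_parser.parse(last_observed)` returns a timezone-naive datetime when `lastObservedAt` carries no offset, while the `else` branch produces an aware `datetime.now(UTC)`, so `mitigated` can be naive or aware depending on the report. Assuming `date_parser` is dateutil's parser (its import is outside the hunk), I would normalise right after the call: `if mitigated.tzinfo is None: mitigated = mitigated.replace(tzinfo=UTC)`. The value comes from an uploaded scan report, so a malformed timestamp raises out of the parser and aborts the whole import; consider catching `ValueError` at this call and falling back to `datetime.now(UTC)`. The function starts before and continues after the hunk.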
@@ -165,7 +165,7 @@ def get_network_reachability(self, finding: Finding, raw_finding: dict) -> Findi network_path_steps = network_path_info.get("steps", []) steps_descriptions = "\n".join( [ - f'steps:\n{step_number}: {step.get("componentId", "N/A")} {step.get("componentType", "N/A")}' + f"steps:\n{step_number}: {step.get('componentId', 'N/A')} {step.get('componentType', 'N/A')}" for step_number, step in enumerate(network_path_steps) ], ) diff --git a/unittests/scans/aws_inspector2/aws_inspector2_many_vul.json b/unittests/scans/aws_inspector2/aws_inspector2_many_vul.json index c3083037c69..d7839f2e89b 100644 --- a/unittests/scans/aws_inspector2/aws_inspector2_many_vul.json +++ b/unittests/scans/aws_inspector2/aws_inspector2_many_vul.json @@ -80,7 +80,7 @@ } ], "severity": "MEDIUM", - "status": "ACTIVE", + "status": "CLOSED", "title": "CVE-2021-3744 - linux", "type": "PACKAGE_VULNERABILITY", "updatedAt": "2024-06-14T04:03:53.051000+02:00" @@ -677,4 +677,4 @@ "updatedAt": "2024-03-19T15:31:08.006000+01:00" } ] -} \ No newline at end of file +} diff --git a/unittests/tools/test_aws_inspector2_parser.py b/unittests/tools/test_aws_inspector2_parser.py index ff47cbd5177..e5cb2bb235c 100644 --- a/unittests/tools/test_aws_inspector2_parser.py +++ b/unittests/tools/test_aws_inspector2_parser.py @@ -1,3 +1,6 @@ +from datetime import datetime + +from dateutil.tz import tzoffset from django.test import TestCase from dojo.models import Test @@ -35,6 +38,9 @@ def test_aws_inspector2_parser_with_many_vuln_has_many_findings(self): for endpoint in finding.unsaved_endpoints: endpoint.clean() self.assertEqual(8, len(findings)) + self.assertEqual(True, findings[0].is_mitigated) + # 2024-06-14T04:03:53.051000+02:00 + self.assertEqual(datetime(2024, 6, 14, 4, 3, 53, 51000, tzinfo=tzoffset(None, 7200)), findings[0].mitigated) def test_aws_inspector2_parser_empty_with_error(self): with self.assertRaises(TypeError) as context: 
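Review bot: The assertions added to `test_aws_inspector2_parser_with_many_vuln_has_many_findings` (hunk at -38 of unittests/tools/test_aws_inspector2_parser.py) pin `is_mitigated` and `mitigated`, presumably for the fixture entry switched to `CLOSED`. They do not pin `active`, which the parser sets to `False` in the same branch; add `self.assertFalse(findings[0].active)`. `self.assertEqual(True, findings[0].is_mitigated)` reads better as `self.assertTrue(findings[0].is_mitigated)`. As far as this hunk shows, the fallback to `datetime.now(UTC)` for a closed finding without `lastObservedAt` stays untested. The test method starts outside the hunk.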
From 78f6c63f50132d7aad090ad2e6f07a8a22b4c5ee Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 10 Feb 2025 15:27:22 +0000 Subject: [PATCH 9/9] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/package.json b/components/package.json index 559dcab7c3f..feaaf8979ed 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.44.0-dev", + "version": "2.43.1", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index 2346195ed21..1c207866128 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.43.0" +__version__ = "2.43.1" __url__ = "https://github.com/DefectDojo/django-DefectDojo" __docs__ = "https://documentation.defectdojo.com" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index ad71d52463b..350c88f3bcb 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.44.0-dev" +appVersion: "2.43.1" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.172-dev +version: 1.6.172 icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap