AltoroJ_Issues_March-1-2024_3-27-PM.sarif
{"$schema":"https://schemastore.azurewebsites.net/schemas/json/sarif-2.1.0-rtm.5.json","version":"2.1.0","runs":[{"tool":{"driver":{"name":"HCL AppScan Static Analyzer"}},"artifacts":[{"location":{"uri":"file:///AltoroJ-AltoroJ-3.2/WebContent/feedbacksuccess.jsp"}},{"location":{"uri":"file:///AltoroJ-AltoroJ-3.2/WebContent/disclaimer.htm"}},{"location":{"uri":"file:///AltoroJ-AltoroJ-3.2/WebContent/feedback.jsp"}},{"location":{"uri":"file:///AltoroJ-AltoroJ-3/2/WebContent/footer/jspf.java"}},{"location":{"uri":"file:///AltoroJ-AltoroJ-3/2/WebContent/header/jspf.java"}},{"location":{"uri":"file:///AltoroJ-AltoroJ-3.2/WebContent/index.jsp"}},{"location":{"uri":"file:///AltoroJ-AltoroJ-3.2/WebContent/search.jsp"}},{"location":{"uri":"file:///AltoroJ-AltoroJ-3.2/WebContent/subscribe.jsp"}},{"location":{"uri":"file:///AltoroJ-AltoroJ-3.2/src/com/ibm/security/appscan/altoromutual/util/DBUtil.java"}},{"location":{"uri":"file:///AltoroJ-AltoroJ-3.2/src/com/ibm/security/appscan/altoromutual/filter/ApiAuthFilter.java"}},{"location":{"uri":"file:///AltoroJ-AltoroJ-3.2/src/com/ibm/security/appscan/altoromutual/util/OperationsUtil.java"}},{"location":{"uri":"file:///AltoroJ-AltoroJ-3.2/src/com/ibm/security/appscan/altoromutual/servlet/CCApplyServlet.java"}}],"results":[{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":42}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\feedbacksuccess.jsp"}]}],"guid":"2463891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"2142995778"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA3690538142","message":{"text":"Allowing untrusted site by passing user controlled 
input"},"locations":[{"physicalLocation":{"artifactLocation":{"index":1},"region":{"startLine":19}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\disclaimer.htm"}]}],"guid":"1863891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"905906491"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"Validation.Required.URL.Redirect"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":46}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\feedbacksuccess.jsp"}]}],"guid":"2763891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1329689678"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":48}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\feedbacksuccess.jsp"}]}],"guid":"2a63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1754677730"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA3690538142","message":{"text":"Allowing untrusted site by passing user controlled input"},"locations":[{"physicalLocation":{"artifactLocation":{"index":1},"region":{"startLine":35}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\disclaimer.htm"}]}],"guid":"1b63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1372265470"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"Validation.Required.URL.Redirect"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting 
attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":74}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\feedbacksuccess.jsp"}]}],"guid":"2d63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1602143669"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA1827085180","message":{"text":"Insecure Use of Document.Write"},"locations":[{"physicalLocation":{"artifactLocation":{"index":1},"region":{"startLine":50}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\disclaimer.htm"}]}],"guid":"1e63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"2098752939"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":2},"region":{"startLine":59}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\feedback.jsp"}]}],"guid":"2163891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-157773387"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":78}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\feedbacksuccess.jsp"}]}],"guid":"3063891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"175647660"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting 
attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":82}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\feedbacksuccess.jsp"}]}],"guid":"3363891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"2015183748"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":3},"region":{"startLine":29}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\footer.jspf"}]}],"guid":"3c63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1661929222"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":0},"region":{"startLine":86}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\feedbacksuccess.jsp"}]}],"guid":"3663891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"626640321"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":3},"region":{"startLine":31}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\footer.jspf"}]}],"guid":"3f63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-414187745"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting 
attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":3},"region":{"startLine":27}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\footer.jspf"}]}],"guid":"3963891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1385296597"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":3},"region":{"startLine":33}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\footer.jspf"}]}],"guid":"4c63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"833553732"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":37}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"5263891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-218463768"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":32}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"4f63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1466205245"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting 
attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":40}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"5563891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1029277709"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":42}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"5e63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1966135695"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":42}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"5863891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-883566278"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":48}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"6163891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-770206633"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting 
attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":42}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"5b63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-2017948110"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":56}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"6463891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"477534844"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":56}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"6a63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1461793947"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":56}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"6763891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1457821581"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting 
attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":57}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"6d63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1725276321"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":5},"region":{"startLine":91}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\index.jsp"}]}],"guid":"7663891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-870153679"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":58}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"7063891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1321949498"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":5},"region":{"startLine":93}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\index.jsp"}]}],"guid":"7963891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-679251055"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting 
attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":4},"region":{"startLine":59}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\header.jspf"}]}],"guid":"7363891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-74208021"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":5},"region":{"startLine":101}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\index.jsp"}]}],"guid":"7c63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1331749205"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":6},"region":{"startLine":44}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\search.jsp"}]}],"guid":"8263891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-560277932"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":5},"region":{"startLine":103}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\index.jsp"}]}],"guid":"7f63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"720897342"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA2794119703","message":{"text":"JSP expression tags can lead to cross-site scripting 
attacks"},"locations":[{"physicalLocation":{"artifactLocation":{"index":7},"region":{"startLine":40}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\WebContent\\subscribe.jsp"}]}],"guid":"8563891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1358391529"},"properties":{"Severity":"High","Status":"Open","IssueType":"CrossSiteScripting.Reflected"}},{"ruleId":"SA3789866516","message":{"text":"Potential SQL injection detected in Java code"},"locations":[{"physicalLocation":{"artifactLocation":{"index":8},"region":{"startLine":335}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\src\\com\\ibm\\security\\appscan\\altoromutual\\util\\DBUtil.java"}]}],"guid":"ce63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"368443853"},"properties":{"Severity":"High","Status":"Open","IssueType":"Injection.SQL"}},{"ruleId":"SA2930583910","message":{"text":"Password stored in Java String object"},"locations":[{"physicalLocation":{"artifactLocation":{"index":9},"region":{"startLine":63}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\src\\com\\ibm\\security\\appscan\\altoromutual\\filter\\ApiAuthFilter.java"}]}],"guid":"a063891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"-1637779677"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"Authentication.Credentials.Unprotected"}},{"ruleId":"SA3364303381","message":{"text":"Insecure random number generator in Java code"},"locations":[{"physicalLocation":{"artifactLocation":{"index":10},"region":{"startLine":148}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\src\\com\\ibm\\security\\appscan\\altoromutual\\util\\OperationsUtil.java"}]}],"guid":"ed63891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"1339932025"},"properties":{"Severity":"High","Status":"Open","IssueType":"Cryptography.PoorEntropy"}},{"ruleId":"SA2930583910","message":{"text":"Password stored in Java String 
object"},"locations":[{"physicalLocation":{"artifactLocation":{"index":11},"region":{"startLine":47}},"logicalLocations":[{"fullyQualifiedName":"AltoroJ-AltoroJ-3.2\\src\\com\\ibm\\security\\appscan\\altoromutual\\servlet\\CCApplyServlet.java"}]}],"guid":"b363891e-0ad8-ee11-9f02-14cb65725114","fingerprints":{"hash/v5":"11850941"},"properties":{"Severity":"Medium","Status":"Open","IssueType":"Authentication.Credentials.Unprotected"}}],"columnKind":"utf16CodeUnits"}]}